08-03-2010 09:12 PM - edited 03-11-2019 11:20 AM
Dear Experts,
Please refer to the attached scenario.
I have formed an IPsec tunnel and advertised the LAN subnets, and it's working fine.
But I have another requirement.
External users are connected to the site A PIX using PPTP VPN, and once they are connected they will get an IP from the range 192.168.5.1-5.100. My requirement is that this subnet, 192.168.5.x, has to access site B's LAN subnets (10.2.2.0/24). Is this possible? If so, what configuration do I have to do on the PIX? Please help me!
Thanks,
Pramod
08-03-2010 09:24 PM
Hello,
Please try the following:
-- Add a nonat rule for traffic from 192.168.5.x subnet to 10.2.2.x subnet
-- Add the crypto access-list for traffic from 192.168.5.x subnet to 10.2.2.x subnet
-- Add a nonat rule for traffic from 10.2.2.x subnet to 192.168.5.x subnet
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804675ac.shtml
Hope this helps.
Regards,
NT
08-04-2010 12:29 AM
You will need to do U-turning too.
Since you have a PIX, can you please mention the version you are running? On certain PIX versions U-turning is not supported.
08-04-2010 03:01 AM
The version currently running is "Cisco PIX Firewall Version 6.3(4)"
08-04-2010 03:28 AM
In that case you will not be able to do U-turning or hairpinning,
so I guess we will have to figure out a way around.
08-04-2010 03:48 AM
Will a version upgrade to 7.3 fix this?
Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 464 MHz !!!
08-04-2010 03:50 AM
I would suggest that you go to the latest code for PIX. Here is the doc which will help you:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml
08-04-2010 03:51 AM
By the way, the latest and the max you can go to for PIX is 8.04.
08-04-2010 04:20 AM
Note: PPTP users are connected to Site A using the PIX outside interface from the internet cloud!!!
08-04-2010 04:32 AM
Yes, I understand, so you have PPTP and site-to-site terminating on the same interface, right?
08-04-2010 04:34 AM
Yes, you are right!!!
08-04-2010 04:36 AM
Yup, so you can't do it with the current version of PIX.
08-04-2010 06:12 AM
Hello,
Code version above 7.2(4) will work and you will be able to do the U-turn.
Hope this helps.
Regards,
NT
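The three steps suggested earlier in the thread, together with the U-turn setting that the newer code makes available, written out as an added configuration sketch that is not part of any post here. The ACL names are hypothetical placeholders, Site B is assumed to also be a PIX, and the client pool is assumed to be addressed as 192.168.5.0/24.

```cisco
! Added example, not from the thread. ACL names are hypothetical:
! reuse the crypto and NAT-exemption ACLs already bound in each running config.
!
! ---- Site A PIX (7.x or later syntax) ----
! Let traffic enter and leave the same interface (U-turn / hairpin).
! PIX 6.3 has no equivalent of this command.
same-security-traffic permit intra-interface
!
! Step 1: NAT exemption for VPN pool -> Site B LAN.
access-list NONAT_POOL_TO_B extended permit ip 192.168.5.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (outside) 0 access-list NONAT_POOL_TO_B
!
! Step 2: add the pool to the crypto ACL already referenced by the
! site-to-site crypto map entry for Site B.
access-list CRYPTO_A_TO_B extended permit ip 192.168.5.0 255.255.255.0 10.2.2.0 255.255.255.0
!
! ---- Site B PIX ----
! Mirror of step 2: the crypto ACLs on both peers must match in reverse,
! otherwise the IPsec SA for the pool is never negotiated.
access-list CRYPTO_B_TO_A permit ip 10.2.2.0 255.255.255.0 192.168.5.0 255.255.255.0
!
! Step 3: NAT exemption for Site B LAN -> VPN pool.
access-list NONAT_B permit ip 10.2.2.0 255.255.255.0 192.168.5.0 255.255.255.0
nat (inside) 0 access-list NONAT_B
!
! ---- Check on either peer ----
! A separate SA pair for 192.168.5.0/24 <-> 10.2.2.0/24 should appear,
! with encaps/decaps counters rising while a connected client pings Site B.
show crypto ipsec sa
```

Keep both ACL entries scoped to the two subnets named in the thread so the tunnel does not start carrying traffic that was never meant to cross it.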
08-04-2010 09:52 PM
OK, think if I replace the PPTP with site to remote access VPN for site A (users connecting from outside {internet})... then if I need to access LAN subnets in site B, do we still need U-turning? Or is there any other mechanism to make it work?
08-04-2010 11:04 PM
You will still need it... In any case I would still recommend you upgrade, because 6.3 is an ancient code which is soon going into the books and you don't want to play catching up...
U-turning is just one small feature that you get in newer code; one of the most important tools, which I personally find the most useful as a TAC engineer, is packet tracer.
As such, the structure of the code is new and different compared to 6.3.