We have a geographically distributed environment: two physical locations and several remote employees. Employees need access to servers on both physical networks. Our idea was to establish a VPN between the two physical locations, and employees would connect to either physical location to access resources in that location OR the other location.
The two offices have SDSL, and we've set up a PIX 506 on either network to act as the firewall and VPN device. We've got a static VPN between the two locations using pre-shared keys, and that's working fine (each location can "see" servers at the other location).
Now we want to add VPN clients. When a client (using Cisco VPN Client 3.1.1) connects to either PIX, it can see servers on the network it connected to. But the problem is that it can't see servers on the other side of the PIX-to-PIX VPN.
I've been told by support that this is expected, because the PIX is not a router. My question is: what can be done to make it work? Is it possible to add some sort of router to allow clients to see the remote peer network?
Hopefully somebody else has already done this for other geographically distributed offices, so I'd appreciate any advice you have. We're a small company, so a low-cost solution that (hopefully) leverages our existing PIX 506 investment is important.
Thanks in advance!