I have a situation that I believe my PIX needs to be configured for and I was looking for some help. Here's my situation.
A Win2K server set up as RRAS (Routing and Remote Access) to allow VPN clients into my network from the outside. The server has 4 NICs.
used for cross over connection directly to PIX interface used for VPN clients.
used to connect to 172.16.0.X subnet through an 11000 Content Switch
used to connect to 172.16.1.X subnet through a 3500XL Switch
used to connect to the 172.16.2.X subnet through a 4000 Catalyst Switch
each of the three subnets has its own default gateway out to a seperate interface on one of two PIXs. So I have one PIX with two interfaces (for subnet 1 and subnet2). And I have one PIX with two interfaces (for subnet3 and cross-over from VPN Server Nic1.
My problem is this. Logged in locally to the Win2k machine, I can ping all hosts and PIX interfaces on all subnets. I can't however connect to machines on the other networks (subnet to subnet). VPN clients coming in, can only connect to machines on the 172.16.0.X subnet. I have alias commands on the PIX that look something like
alias (inside) 172.16.0.11 external IP 255.255.255.255.
I don't however have alias commands hosts on the other subnets because they are on the other PIX. Can anyone please offer me some help with this situation. When a client is VPNd into the system, they can't ping anything, but they can connect to things using the IP address. It appears to me that there is a default gateway issue on the hosts themselves, but I don't want them to communicate all their traffic out the single VPN Nic/interface. If this is the only option I'd like some help.