Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX 515 Route from Client VPN to separate IPSEC VPN device?

I cannot get this to work? We have a pix 515 (6.3) that we use for remote user access and Internet access. We recently added a netscreen 50 to the mix, which connects us to our partner company via IPSEC VPN. The inside interface of both devices are on the same subnet. The remote user Cisco VPN users are on a different subnet. When remote users connect to our office via Cisco VPN client to the PIX, we cannot access the the netscreen inside interface or our partner compnay. Any tips, config examples? Thanks!

3 REPLIES

Re: PIX 515 Route from Client VPN to separate IPSEC VPN device?

make sure u have nat exmption applied properly on the PIX to the VPN client address pool

on the netscreen make sure that net screen has a route to the vpn client address pool point to the inside pix interface ip address

on the pix u need to add a route that poin to the partner network point to the netscrren inside ip as well

on netscreen u need to include the client vpn address pool in the ipsec interesting traffic

i have no experience with netscreen but the above needs to be done to get ur network operational

good luck

if helpful Rate

Community Member

Re: PIX 515 Route from Client VPN to separate IPSEC VPN device?

thanks... I was just interested in what needs to be configured on the pix to allow remote access vpn users to connect to the pix and then be allow them to access a remote office over a separate ipsec vpn.

Re: PIX 515 Route from Client VPN to separate IPSEC VPN device?

do u have a route statment to the partner network point to the other firewall inside interface thorugh ur inside pix firewall ?

do u have the nat exmption configured correctly

good luck

129
Views
0
Helpful
3
Replies
CreatePlease to create content