
PIX1 -> PIX2 -> PIX3 - PIX1 can't see PIX3 internal network..

I have 3 PIX 515E running 7.2(3)

PIX1 can see PIX2 inside networks

PIX2 can see PIX1 and PIX3 inside networks

PIX3 can see PIX2 inside networks

PIX1 192.168.2.0/24

PIX2 192.168.104.0/24

PIX3 134.71.123.112/28

(I was not here for this numbering)

All running IPSec VPN between them. My guess is once this is figured out I should be able to figure out how to also connect Cisco VPN 3 clients to PIX2 to see all networks if not able to connect Cisco VPN 3 clients to PIX1 and PIX3 and see all networks as well.

2 REPLIES

Re: PIX1 -> PIX2 -> PIX3 - PIX1 can't see PIX3 internal network..

Do you have a network diagram for this one?

-John

Re: PIX1 -> PIX2 -> PIX3 - PIX1 can't see PIX3 internal network..

Hello.

You should be able to quite easily add IPSEC client functionality to each of the PIX's.

As long as each PIX has its NAT 0 rules and ACL's for crypto updated to reflect connectivity for each other subnet.

You will need to apply the global command

same-security-traffic permit intra-interface

to allow traffic to "hairpin" or enter and exit the same interface.

You need to make these changes on each firewall.
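A sketch of the changes the reply above describes, written for PIX 7.2 syntax with the subnets from the original question. This is an added example, not configuration posted by anyone in the thread; it assumes PIX2 is the hub, that the interfaces are named `inside` and `outside`, and the ACL and crypto map names (`NONAT`, `CRYPTO_TO_*`, `OUTSIDE_MAP`) and sequence numbers are hypothetical.

```cisco
! ---- PIX1 (192.168.2.0/24): the tunnel to PIX2 must also match PIX3's subnet
access-list CRYPTO_TO_PIX2 extended permit ip 192.168.2.0 255.255.255.0 192.168.104.0 255.255.255.0
access-list CRYPTO_TO_PIX2 extended permit ip 192.168.2.0 255.255.255.0 134.71.123.112 255.255.255.240
access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 192.168.104.0 255.255.255.0
access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 134.71.123.112 255.255.255.240
nat (inside) 0 access-list NONAT
crypto map OUTSIDE_MAP 10 match address CRYPTO_TO_PIX2

! ---- PIX2 (192.168.104.0/24): PIX1 <-> PIX3 traffic enters and leaves the
! ---- outside interface here, so the hairpin command is required
same-security-traffic permit intra-interface
! Each crypto ACL is the mirror image of the one on the peer
access-list CRYPTO_TO_PIX1 extended permit ip 192.168.104.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list CRYPTO_TO_PIX1 extended permit ip 134.71.123.112 255.255.255.240 192.168.2.0 255.255.255.0
access-list CRYPTO_TO_PIX3 extended permit ip 192.168.104.0 255.255.255.0 134.71.123.112 255.255.255.240
access-list CRYPTO_TO_PIX3 extended permit ip 192.168.2.0 255.255.255.0 134.71.123.112 255.255.255.240
! NAT exemption only covers PIX2's own inside subnet
access-list NONAT extended permit ip 192.168.104.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list NONAT extended permit ip 192.168.104.0 255.255.255.0 134.71.123.112 255.255.255.240
nat (inside) 0 access-list NONAT
crypto map OUTSIDE_MAP 10 match address CRYPTO_TO_PIX1
crypto map OUTSIDE_MAP 20 match address CRYPTO_TO_PIX3

! ---- PIX3 (134.71.123.112/28): same pattern as PIX1, pointing back at PIX2
access-list CRYPTO_TO_PIX2 extended permit ip 134.71.123.112 255.255.255.240 192.168.104.0 255.255.255.0
access-list CRYPTO_TO_PIX2 extended permit ip 134.71.123.112 255.255.255.240 192.168.2.0 255.255.255.0
access-list NONAT extended permit ip 134.71.123.112 255.255.255.240 192.168.104.0 255.255.255.0
access-list NONAT extended permit ip 134.71.123.112 255.255.255.240 192.168.2.0 255.255.255.0
nat (inside) 0 access-list NONAT
crypto map OUTSIDE_MAP 10 match address CRYPTO_TO_PIX2
```

Keeping every entry scoped to the exact source and destination subnets, rather than `any`, limits what each tunnel will carry; `show crypto ipsec sa` on each unit should then list one SA pair per ACL line once traffic flows.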
