Cisco Support Community
Community Member

access from vpn remote access clients to site to site tunnel network

I have remote access VPN configured and a site to site tunnel. I'd like the remote access clients to be able to initiate a tunnel connection and have connectivity to the site to site tunnel network. So far I've been unable to get either. The remote access client scope is 192.168.8.0/24, the site 2 site is 192.168.64.0/24, and the corporate WAN is 10.4.0.0/16. I'm able to connect from VPN to the corporate network and I'm able to initiate the tunnel from either side of the tunnel. My routing looks ok, and I don't see anything in the PIX's logs. PIX 7 at one end, and PIX 6.3 at the other. Here are my VPN-related access-lists:

access-list nonat line 1 extended permit ip 192.168.64.0 255.255.255.0 10.4.0.0 255.255.0.0

access-list nonat line 2 extended permit ip 192.168.64.0 255.255.255.0 192.168.8.0 255.255.255.0

access-list nonat line 3 extended permit ip 10.0.0.0 255.0.0.0 192.168.8.0 255.255.255.0

access-list nonat line 4 extended permit ip 192.168.8.0 255.255.255.0 10.0.0.0 255.0.0.0

access-list nonat line 5 extended permit ip 192.168.8.0 255.255.255.0 192.168.64.0 255.255.255.0

access-list nonat line 6 extended permit ip 10.0.0.0 255.0.0.0 192.168.64.0 255.255.255.0

access-list 100 line 1 extended permit ip 192.168.64.0 255.255.255.0 10.4.0.0 255.255.0.0

access-list 100 line 2 extended permit ip 192.168.64.0 255.255.255.0 192.168.8.0 255.255.255.0

access-list 100 line 3 extended permit ip 10.4.0.0 255.255.0.0 192.168.64.0 255.255.255.0

access-list 100 line 4 extended permit ip 192.168.8.0 255.255.255.0 192.168.64.0 255.255.255.0

Does anyone have any ideas?

Thank you,

Bill

4 REPLIES
Gold

Re: access from vpn remote access clients to site to site tunnel

Where is the VPN for clients terminated: on PIX 6.3 or on PIX 7.0?

PIX 6.3 does not route traffic received on one interface back out the same interface. It's possible with PIX 7.0.

M.

Community Member

Re: access from vpn remote access clients to site to site tunnel

Remote access is configured on the PIX 7.

Community Member

Re: access from vpn remote access clients to site to site tunnel

Are we talking about "hairpinning" on the PIX? I can't seem to find much documentation for it. Nothing in the ASDM user guide, and Google only kicks back a few posts and books for sale.

Community Member

Re: access from vpn remote access clients to site to site tunnel

I did find this

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080552364.html#wp1042114

I entered the same-security-traffic permi intra-int command, but I see no change.

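An added example, not part of the thread or any participant's post: a Python check of whether the access-list entries posted in the question cover each flow between the remote access pool, the site to site network and the corporate WAN, in both directions. It tests address coverage only; which PIX each list is configured on and what it is bound to are not stated in the thread, and the function names are made up for this example.

```python
import ipaddress

# ACL entries copied from the question as (source, destination) network/mask pairs.
ACLS = {
    "nonat": [
        ("192.168.64.0/255.255.255.0", "10.4.0.0/255.255.0.0"),
        ("192.168.64.0/255.255.255.0", "192.168.8.0/255.255.255.0"),
        ("10.0.0.0/255.0.0.0", "192.168.8.0/255.255.255.0"),
        ("192.168.8.0/255.255.255.0", "10.0.0.0/255.0.0.0"),
        ("192.168.8.0/255.255.255.0", "192.168.64.0/255.255.255.0"),
        ("10.0.0.0/255.0.0.0", "192.168.64.0/255.255.255.0"),
    ],
    "100": [
        ("192.168.64.0/255.255.255.0", "10.4.0.0/255.255.0.0"),
        ("192.168.64.0/255.255.255.0", "192.168.8.0/255.255.255.0"),
        ("10.4.0.0/255.255.0.0", "192.168.64.0/255.255.255.0"),
        ("192.168.8.0/255.255.255.0", "192.168.64.0/255.255.255.0"),
    ],
}

# Networks named in the question: remote access pool, site to site LAN, corporate WAN.
RA_POOL, SITE, CORP = "192.168.8.0/24", "192.168.64.0/24", "10.4.0.0/16"


def first_match(acl, src, dst):
    """Return the 1-based line of the first entry covering src -> dst, or None."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    for line, (e_src, e_dst) in enumerate(ACLS[acl], start=1):
        if s.subnet_of(ipaddress.ip_network(e_src)) and d.subnet_of(ipaddress.ip_network(e_dst)):
            return line
    return None


def coverage_report():
    """Map each (acl, src, dst) flow, in both directions, to its matching line."""
    flows = [(RA_POOL, SITE), (SITE, RA_POOL), (CORP, SITE), (SITE, CORP)]
    return {(acl, s, d): first_match(acl, s, d) for acl in ACLS for s, d in flows}


if __name__ == "__main__":
    for (acl, s, d), line in coverage_report().items():
        print(f"access-list {acl}: {s} -> {d}: "
              f"{'line ' + str(line) if line else 'NOT COVERED'}")
```

A flow reported as NOT COVERED in either list, or covered in only one direction, is the first thing to compare against the peer's mirrored entries.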