Cisco Support Community
New Member

Can't access site-to-site VPN from VPN Client using PIX506

I have a big problem. I have a site-to-site VPN working, using 2 PIX 506. Everything is fine. It works as expected. Now I configured one PIX to allow access through the latest Cisco VPN Client. I can access the locally connected LAN, but I can't access the site-to-site VPN, also configured on this router.

I think the problem is that the PIX can't route between these networks. Someone told me that I need to route on the "inside interface".

But how?

The remote users are in a different class C network than the local or "site-to-site" network.

Does someone have an idea?

1 REPLY
New Member

Re: Can't access site-to-site VPN from VPN Client using PIX506

Hi,

Cisco documentation says that this won't do. Incoming and outgoing traffic is not possible on the same interface of the PIX firewall due to the firewall policy.

But there is a trick. Adding a static and a route for the remote networks overrides that firewall behaviour. But doing this, you should be aware of security issues. For security reasons you should then have a router with an access-list in front of the PIX that denies all traffic to your private nets ... incoming from the internet.

Ulrich
