I have two PIX 515s. I have equipment that I need to access behind one firewall on a 10.10.14.xx subnet. The other firewall where I reside is on a 10.10.12.xx subnet behind the other firewall. On the 10.10.14.xx network firewall I have static (inside,outside) statements that tell the firewall from external IP address mapped to internal IP address. I also have a conduit permit statement saying external host IP address permit by external subnet of our LAN.
So what happens is, while I'm at work in my 10.10.12.xx network, it's NATed to an external IP address. Employees access equipment by external IP address and it works great. Once I get home I can't access it, and that's good. I want employees to use VPN. However, that's not set up correctly. VPN is set to only have access to 10.10.12.xx network via 10.10.15.xx
Confusing, but I need to be able to VPN in under a 10.10.15.xx address which connects to the 10.10.12.1 firewall and have the 10.10.12.1 firewall talk to the 10.10.14.1 firewall. I think if I get that working, employees won't have to access the equipment on an outside IP address.
I also have two separate Windows 2003 servers running DHCP, one for the 10.10.12.1 network and one for the 10.10.14.1 network.
Mike, your explanation was a bit confusing to me, so I am going to try and answer based on how I read it. It seems you have two PIX firewalls with inside IP subnets of 10.10.14.x and 10.10.12.x.
First thing is, if you are using conduits as you state, they need to go; upgrade those PIXs, as conduits are deprecated and the OS version you have thus is very old.
I get the impression there is a LAN-to-LAN tunnel between the two PIXs and thus the subnets. You then connect using a remote access VPN that is assigned an IP address out of the 10.10.15.x subnet. If that is the case, you need to be able to hairpin on the PIX. In order to do this with just the PIX, you will need to upgrade their OS in order to use the intra-interface command. Check this out