Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX-PIX VPN and VPN Client - can't access central network

I have hub and spoke PIXes, and a VPN Client connecting to the spoke PIX, much the same as the configuration example here:-

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800948b8.shtml

This example demonstrates the VPN client accessing the network behind the spoke PIX. I want the client to also be able to access the central network i.e. the client connects to the spoke pix over vpn, and traffic is routed through the PIX-PIX vpn to the central site.

How would that change the config in the example?

Cheers,

Jon

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: PIX-PIX VPN and VPN Client - can't access central network

you can't do this, the PIX won't route a packet back out the same interface it came in on. The only way to do this is to have the client connect to the hub PIX, but then they wouldn't be able to get to the network behind the remote PIX either.

Or have the client connect on a different interface in the remote PIX, but that would mean another ISP connection on that PIX. Config example is here: http://www.cisco.com/warp/public/110/client-pixhub.html

1 REPLY
Cisco Employee

Re: PIX-PIX VPN and VPN Client - can't access central network

you can't do this, the PIX won't route a packet back out the same interface it came in on. The only way to do this is to have the client connect to the hub PIX, but then they wouldn't be able to get to the network behind the remote PIX either.

Or have the client connect on a different interface in the remote PIX, but that would mean another ISP connection on that PIX. Config example is here: http://www.cisco.com/warp/public/110/client-pixhub.html

90
Views
0
Helpful
1
Replies
CreatePlease login to create content