Cisco Support Community
Community Member

Pix site to Site and Client VPN

I have a pix 501 with a site to site vpn configured to a Checkpoint NG firewall which works fine.

In addition I have configured a vpngroup for remote client access to the inside network behind the pix. Again this works fine.

I wish to enable the remote users' local pool to be able to connect to the internal networks behind the Checkpoint firewall. I have configured access lists to allow IP traffic to and from the Checkpoint network (as part of the allowed networks over the site-to-site VPN). I have also configured these entries on the nonat access list; however, I cannot see anything on the network from dial-in VPN users.

Any ideas?

Cisco Employee

Re: Pix site to Site and Client VPN

You can't do this. The PIX won't route traffic back out the same interface it came in on; that includes traffic coming in on one IPSec tunnel and going back out another. No way around it, sorry.

Community Member

Re: Pix site to Site and Client VPN

I rather thought that might be the case. Thanks very much for clarifying this.
