224 Views | 0 Helpful | 2 Replies

Pix site to Site and Client VPN

ricey
Level 1

I have a pix 501 with a site to site vpn configured to a Checkpoint NG firewall which works fine.

In addition I have configured a vpngroup for remote client access to the inside network behind the pix. Again this works fine.

I wish to enable remote users (local pool 192.168.2.0) to be able to connect to the internal networks behind the Checkpoint firewall. I have configured access lists to allow IP traffic to and from 192.168.2.0 to the Checkpoint network (10.45.0.0) as part of the allowed networks over the site-to-site VPN. I have also configured these entries on the nonat access list; however, I cannot see anything on the 10.45.0.0 network from dial-in VPN users.

Any ideas?

2 Replies

gfullage
Cisco Employee

You can't do this; the PIX won't route traffic back out the same interface it came in on, and that includes traffic coming in on one IPSec tunnel and going back out another. No way around it, sorry.
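To make the forwarding rule in this answer concrete, here is an added example (not code from the thread, the PIX, or Cisco) that models the PIX decision as a small routing table plus a same-interface check. It assumes an inside LAN of 192.168.1.0/24 behind the PIX and a /16 mask for the Checkpoint-side 10.45.0.0 network; both values are constructed for the example, as are the sample flows. Both tunnels terminate on the outside interface, which is why a remote-access client's packet to 10.45.0.0 is dropped while the same destination from an inside host is forwarded.

```python
from ipaddress import ip_address, ip_network

# Constructed model of a PIX-style forwarding decision (not PIX code).
# Each route maps a destination prefix to the interface used to reach it.
# Both the site-to-site tunnel to the Checkpoint and the remote-access
# vpngroup tunnel terminate on "outside".
ROUTES = [
    (ip_network("192.168.1.0/24"), "inside"),   # assumed inside LAN behind the PIX
    (ip_network("10.45.0.0/16"), "outside"),    # Checkpoint networks, via site-to-site tunnel (mask assumed)
    (ip_network("0.0.0.0/0"), "outside"),       # default route
]

# Remote-access client pool from the question; clients arrive on "outside".
CLIENT_POOL = ip_network("192.168.2.0/24")     # mask assumed


def egress_interface(dst: str) -> str:
    """Longest-prefix match of dst against ROUTES; returns the egress interface."""
    addr = ip_address(dst)
    matches = [(net, iface) for net, iface in ROUTES if addr in net]
    net, iface = max(matches, key=lambda m: m[0].prefixlen)
    return iface


def ingress_interface(src: str) -> str:
    """Where a packet from src enters the PIX: VPN clients and anything
    not on the inside LAN come in on outside; the inside LAN comes in on inside."""
    addr = ip_address(src)
    if addr in CLIENT_POOL:
        return "outside"
    for net, iface in ROUTES:
        if net.prefixlen > 0 and addr in net:
            return iface
    return "outside"


def decide(src: str, dst: str) -> dict:
    """Apply the rule from the answer: a packet whose egress interface equals
    its ingress interface is not forwarded, even if both legs are IPSec tunnels."""
    ingress = ingress_interface(src)
    egress = egress_interface(dst)
    if ingress == egress:
        return {
            "src": src, "dst": dst, "ingress": ingress, "egress": egress,
            "action": "drop",
            "reason": "egress equals ingress; PIX will not hairpin traffic",
        }
    return {"src": src, "dst": dst, "ingress": ingress, "egress": egress,
            "action": "forward", "reason": ""}


def explain_flows() -> list:
    """Constructed sample flows matching the question's scenario."""
    flows = [
        ("192.168.2.10", "10.45.0.5"),     # VPN client -> Checkpoint network (the failing case)
        ("192.168.2.10", "192.168.1.20"),  # VPN client -> inside LAN (works)
        ("192.168.1.20", "10.45.0.5"),     # inside host -> Checkpoint network (works)
    ]
    return [decide(s, d) for s, d in flows]


if __name__ == "__main__":
    for r in explain_flows():
        print(f"{r['src']:>14} -> {r['dst']:<14} in={r['ingress']:<7} "
              f"out={r['egress']:<7} {r['action']:<7} {r['reason']}")
```

Running it prints one line per flow; only the VPN-client-to-10.45.0.0 flow is dropped, because both its ingress and egress interface are outside. The model is a teaching aid for the forwarding rule, not a substitute for checking the actual PIX software version and configuration.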

I rather thought that might be the case. Thanks very much for clarifying this.