We currently have a site-to-site VPN setup using a PIX 506 and PIX 515 (with 3 interfaces). On the DMZ interface of the PIX 515 we have a VPN 3005. The VPN clients establish the tunnel to the public interface on the VPN 3005 and thereafter through the PIX 515 to the inside servers. It is also possible to go to the internet through the PIX 515.
Now we want the VPN clients to connect to servers on the other network through the site-to-site tunnel with the PIX 506. Is it possible and how?
It's possible for the VPN clients to go through an already existing Site to Site tunnel; the only thing to keep in mind is that the Split tunnel should have all the Networks that need to be accessed by the Client added to the Network lists. Additionally, the Routing at the Hub should be set up properly to attain this. Keep in mind here the limitation of PIX of not letting packets bounce off an interface.
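An added example, not part of the original reply: the extra PIX 6.x lines this setup typically needs so that the client pool is treated as interesting traffic on the existing tunnel. Every address, ACL name and crypto map name is constructed for illustration, and it assumes the VPN 3005 hands decrypted client traffic to the PIX 515 on the DMZ interface.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VPN client pool assigned by the VPN 3005 : 10.10.10.0/24
!   LAN behind the PIX 515 (hub)             : 192.168.1.0/24
!   LAN behind the PIX 506 (remote site)     : 192.168.2.0/24
!   VPN 3005 address on the 515 DMZ          : 172.16.1.5
!
! VPN 3005: the split-tunnel network list applied to the client group
! must contain both LANs (the 3005 uses wildcard masks):
!   192.168.1.0/0.0.0.255
!   192.168.2.0/0.0.0.255

! ---------- PIX 515 (hub) ----------
! Crypto ACL already matched by the existing crypto map entry for the 506.
access-list s2s-to-506 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
! New line: client pool to the remote LAN also goes into the tunnel.
access-list s2s-to-506 permit ip 10.10.10.0 255.255.255.0 192.168.2.0 255.255.255.0

! Exempt the same flow from NAT on the interface it arrives on.
access-list nonat-dmz permit ip 10.10.10.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (dmz) 0 access-list nonat-dmz

! Return path: the pool lives behind the VPN 3005 on the DMZ.
route dmz 10.10.10.0 255.255.255.0 172.16.1.5 1

! Existing entry shown for reference only (hypothetical map name).
crypto map s2s 10 match address s2s-to-506

! Traffic enters on dmz and leaves on outside, so it does not have to
! turn around on a single interface.

! ---------- PIX 506 (remote site) ----------
! The crypto ACL must mirror the hub's, including the new pool entry.
access-list s2s-to-515 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list s2s-to-515 permit ip 192.168.2.0 255.255.255.0 10.10.10.0 255.255.255.0

! NAT exemption for replies heading back to the client pool.
access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat permit ip 192.168.2.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list nonat
```

If the crypto ACLs on the two PIXes are not exact mirrors of each other, the IPsec SA for the client pool will not come up even though the LAN-to-LAN SA stays healthy.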