Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
344
Views
0
Helpful
4
Replies

PIX with a Parallel VPN Device

bob.bartlett
Level 1
Level 1

‎06-15-2002 06:37 PM - edited ‎02-21-2020 11:48 AM

I have a PIX 515 with 3 interfaces in it that connects to an outside router with 2 ethernet interfaces. On the other interface is a Ravlin 10 VPN device. It has a local interface with an IP in the same segment that the PIX local interface is. Our remote users can not route through the tunnels since our work stations are sending packets to the PIX that have to come back out the same interface and go to the VPN device.

Is there a way to get the PIX to route these packets back out the same interface to the VPN device?

Labels:
0 Helpful
4 Replies 4

awaheed
Cisco Employee
Cisco Employee

‎06-19-2002 04:40 PM

Hi Bob,

As it can be an issue letting Firewalls bounce or redirect packets off its Interfaces, we donot allow this on the PIX Firewall to make sure its Secure and Efficient at what it does best, Firewalling. So you might want to rethink your Network topolgy to incorporate that or just terminate the VPN tunnels on the PIX Firewall itself.

Hope this helps,

Regards,

Aamir Waheed,

Cisco Systems, Inc.

-=-=-

0 Helpful

bob.bartlett
Level 1
Level 1
In response to awaheed

‎06-19-2002 07:12 PM

We have a router on the inside that we are pointing all the internal workstations and servers. Additionally we are pointing all traffic from the tunnels to this router. Our problem is that it appears that some of the traffic coming out of the tunnels now dies there and never gets to the PIX. Could this be a configuration problem on the PIX? Thanks for the feedback. I need to get more experience with the PIX...

0 Helpful

afakhan
Level 4
Level 4
In response to bob.bartlett

‎06-19-2002 09:09 PM

Hi,

It could be beacuse of :

1)VPN device dropping those packets

2)Internal router dropping packets (missing route)

3)or if they are desitned to go out to the internet (all tunneling on VPN) then it could be a misconfiguration of NAT/PAT on the PIX.

Debugs on router and PIX will tell where the problem is...

Thanks,

Afaq

0 Helpful

bob.bartlett
Level 1
Level 1
In response to afakhan

‎06-20-2002 07:07 PM

Thanks for all the help. The guy configuring the PIX left out a return route. Once we added it all is good.

Is there a good book that really covers the PIX well? I have a feeling I will need more of an understanding of the PIX for my future. Thanks...

0 Helpful
Customers Also Viewed These Support Documents