Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
466
Views
3
Helpful
4
Replies

Problem with VPN connection from 3600 to Pix 501 to Zyxel FW

gclavadetscher
Level 1
Level 1

‎04-29-2003 01:56 AM - edited ‎02-21-2020 12:30 PM

Hi

I'm trying to communicate beween 2 remote Lan, this accross a router3600, pix501 and FW ZYXEL zuwall 100 (using 2 vpn tunnel).

->

172.17.0.115 -> Router3600 - vpn - pix501

- vpn - FW ZYXEL - 192.168.101.0

between Router 3600 and pix 501 AND between pix501 and FW ZYXEL -> INTERNET -> Outside interface.

When I try to ping from 172.17.0.115 to 192.168.101.10. I get a error message on the pix 501 -> 110001: No route to 192.168.101.10 from 172.17.0.115.

but I have a default route

Do somebody know why?

and if a pix 501 can endure such 2 vpn, one to cisco router, one to Zyxel FW?

Thanks for your help.

Labels:
0 Helpful
4 Replies 4

jasobrown
Level 1
Level 1

‎04-29-2003 07:56 AM

Just to clarify is this your setup?

Pix 501

/ \

/ \

3600 ZYXEL

| |

172.17.0.115 192.168.101.0

And you are trying to use the 501 as a HUB VPN device?

Or is it like this

172.17.0.115

|

3600

|

| VPN

|

Pix

|

| VPN

|

ZYXEL

0 Helpful

gclavadetscher
Level 1
Level 1
In response to jasobrown

‎04-29-2003 08:05 AM

Hi,

It's the first one, I'm trying to use the PIX as a VPN hub....

Well I was trying, I saw in the doc:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080093bd3.shtml

that it was impossible to use a pix as a hub.

It is correct?

If yes do you know if they will be a new release allowing that?

Thanks for you message.

Gael

0 Helpful

jasobrown
Level 1
Level 1
In response to gclavadetscher

‎04-29-2003 08:16 AM

Right .. you won't be able to do it that way because of the way the Pix functions. The good ol saying that the pix won't reroute traffic back out the same interface it came in on. You could do this on the 3600 and it will be able to hande the VPN "hub" functionality.

As far as a release to allow VPN Hubs on the Pix. I don't know for sure if that is on the roadmap or even that far. I would guess not as I would assume it would take some major programming changes ...

Regards,

jasobrown
Level 1
Level 1

‎04-29-2003 07:57 AM

Just to clarify is this your setup?

Pix 501

/ \

/ \

3600 ZYXEL

| |

172.17.0.115 192.168.101.0

And you are trying to use the 501 as a HUB VPN device?

Or is it like this

172.17.0.115

|

3600

|

| VPN

|

Pix

|

| VPN

|

ZYXEL

|

192.168.101.10

?

Regards,

0 Helpful
Customers Also Viewed These Support Documents