Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

vpn access to a pix w/ multiple interfaces

I have a pix to vpn client configured. The pix has multiple dmz's, the problem is that my client cannot access all dmz's. I can access the inside network no problem, but when I try and ping a device directly connected to another interface I don't recieve a response. When I debug on the pix, I see the request and a reply but my computer with the client doesn't get a response. My access-list is getting hit so I know that the traffic is seen as being interesting.

3 REPLIES
New Member

Re: vpn access to a pix w/ multiple interfaces

You may want to read this conversation "SPLIT-TUNNEL". You should be able to ping the host on the dmz but you will not be able to establish a TCP/UDP connection. This is so because the PIX does not support asymmetric routing. Everything will work fine with the inside interface.

New Member

Re: vpn access to a pix w/ multiple interfaces

I have found a way to make this work but have not been able to test other than ping. The soulution I used is to the following command to a router that is in my inside network. "route (inside) client network, routers interface" This seems to work give it a try and let me know

New Member

Re: vpn access to a pix w/ multiple interfaces

Pinging the host on the "dmz" is not a problem. Like I said before, you will only be able to ping but not be able to establish any TCP/UDP connection.

88
Views
0
Helpful
3
Replies