I have a PIX to VPN client configured. The PIX has multiple DMZs; the problem is that my client cannot access all DMZs. I can access the inside network no problem, but when I try to ping a device directly connected to another interface I don't receive a response. When I debug on the PIX, I see the request and a reply, but my computer with the client doesn't get a response. My access-list is getting hit, so I know that the traffic is seen as being interesting.
You may want to read this conversation "SPLIT-TUNNEL". You should be able to ping the host on the dmz but you will not be able to establish a TCP/UDP connection. This is so because the PIX does not support asymmetric routing. Everything will work fine with the inside interface.
I have found a way to make this work but have not been able to test other than ping. The solution I used is to add the following command to a router that is in my inside network: "route (inside) client network, router's interface". This seems to work; give it a try and let me know.