Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
463
Views
0
Helpful
3
Replies

vpn access to a pix w/ multiple interfaces

h.hobart
Level 1
Level 1

‎08-06-2002 10:54 AM - edited ‎02-21-2020 11:59 AM

I have a pix to vpn client configured. The pix has multiple dmz's, the problem is that my client cannot access all dmz's. I can access the inside network no problem, but when I try and ping a device directly connected to another interface I don't recieve a response. When I debug on the pix, I see the request and a reply but my computer with the client doesn't get a response. My access-list is getting hit so I know that the traffic is seen as being interesting.

Labels:
0 Helpful
3 Replies 3

abdul.kokumo
Level 1
Level 1

‎08-06-2002 11:31 AM

You may want to read this conversation "SPLIT-TUNNEL". You should be able to ping the host on the dmz but you will not be able to establish a TCP/UDP connection. This is so because the PIX does not support asymmetric routing. Everything will work fine with the inside interface.

0 Helpful

h.hobart
Level 1
Level 1

‎08-06-2002 02:10 PM

I have found a way to make this work but have not been able to test other than ping. The soulution I used is to the following command to a router that is in my inside network. "route (inside) client network, routers interface" This seems to work give it a try and let me know

0 Helpful

abdul.kokumo
Level 1
Level 1
In response to h.hobart

‎08-07-2002 05:02 AM

Pinging the host on the "dmz" is not a problem. Like I said before, you will only be able to ping but not be able to establish any TCP/UDP connection.

0 Helpful
Customers Also Viewed These Support Documents