Remote User -- VPN Connection -- Head Office PIX -- Cisco router -- Head Office LAN
The PIX is running 6.3(3).
The Cisco router also has several leased line (serial) connections to branch offices.
Remote users can establish VPN connections, terminating on our head office PIX, and connect to resources on our head office LAN. However, they are unable to access any subnets other than our main office subnet. For example, we have a number of branch offices connected by leased lines, yet they are unable to access these locations.
If you are connected on our head office LAN, you have connectivity with everywhere - remote users connected over VPN and the branch offices connected by leased line.
I set up a capture on the PIX, and when I try to ping from one of the branch offices connected by leased line to a remote user connected over VPN, I can see the echo requests coming in but no responses back from the remote user.
(A ping from the head office LAN to the remote user is successful though, so I don't think it's the case that the remote user is blocking ping.)
Any suggestions on how I can establish connectivity between the remote users and the branch offices connected by leased line?
I have all the branch office subnets configured in the split-tunnel access-list.
Yes, I am able to ping from the PIX to the branch office IP addresses.
I perhaps should have mentioned that this is only affecting remote users connecting from home using the Cisco VPN client. So is there something special that I need to consider in this case?
(For example, we have a few ADSL-connected sites which have IPsec VPN tunnels terminating on the head office PIX too, but they have no issues with establishing connectivity with the branch offices connected over leased lines.)
I'm sure there is probably something simple I have overlooked but just can't think what it is!