Cisco Support Community

New Member

VPN clients being able to access already setup tunnels

Hi everybody,

I have a central site with one 506E PIX and 5 remote sites connected using 501E PIX (IPsec tunnels). Now I have to permit VPN clients to connect to the central site (no problem for this), but they also have to be able to access the remote sites, at least one of them.

From what I know, this can't be done using a 506E PIX, but my question is... If I got a 515E PIX with three interfaces, could this be solved?

I would appreciate it if you answered me or suggested any other solution for the problem.

Thank you all in advance!

5 REPLIES
Silver

Re: VPN clients being able to access already setup tunnels

What about creating another connection entry on your VPN client and configuring the 506 to accept client connections? All that the remote user has to do is choose the appropriate connection entry and connect using it.

New Member

Re: VPN clients being able to access already setup tunnels

The 506E on the central site is already configured to accept VPN connections.

The problem is that it connects on the outside interface of the PIX and therefore it cannot use the already set up tunnels used by the remote sites.

If you meant setting up several client connections, each one of them pointing to the remote sites' PIXes, the answer is yes, I can do that, but I want to make it simple for the user so he can establish a VPN client connection and have access to the entire network (or at least to one remote site).

New Member

Re: VPN clients being able to access already setup tunnels

I don't think it is possible with any kind of PIX, simply because the PIX can't route traffic coming in on one interface back out the same interface, which means traffic coming from one VPN tunnel can't go out to another tunnel. You can use a router, making it the hub and the rest being spokes. With a router you will be able to achieve what you are trying to do.

Silver

Re: VPN clients being able to access already setup tunnels

New Member

Re: VPN clients being able to access already setup tunnels

I agree with the proposed solution. The good news is also that PIX firmware 6.3 supports VLANs, so you do not need separate physical interfaces. Possibly the next releases will solve the problems with VPN tunnel routing. Most firewall vendors have made this decision: allow VPN routing through the hub.
