Cisco Support Community

Dynamic VPN and site-site VPN problem

Hi,

The problem I am facing is as below:

We currently have Exchange servers in one of our sites in Canada. Remote users log in to this server by using their VPN client. VPN is being handled by a PIX firewall which gives out a 10.10.10.x address to anyone that connects.

We also have a site-to-site tunnel between the firewall in Canada and our office in Vienna, VA. We have created object groups and the corresponding access-lists which allow all the subnets in Ottawa to talk to all of our subnets in Vienna through the VPN.

The subnets in Vienna are 10.11.x.x and the subnets in Canada are 10.0.250.x and 10.0.150.x

We are moving the Exchange servers from Canada to Vienna and herein lies the problem.

Users logging in via the VPN client now get the IP address 10.10.10.x. I have added this network to the object group here in Vienna and also in Ottawa. This however did not work. The VPN user was unable to access the test server while he had an IP address of 10.10.10.x

My question is this: what changes do I need to make on the firewalls to ensure that the remote user logging in via VPN client is able to access my server here in Vienna? In other words, how do I let the 10.10.10.x address know that in order to get to 10.11.x.x, it needs to take the existing site-to-site VPN tunnel?

I need to fix this problem quickly and any help on this matter would be greatly appreciated.




Re: Dynamic VPN and site-site VPN problem

This can only be achieved by running PIX v.7, since v.6.x doesn't support traffic in and out of the same interface.

Providing the PIX is running v7, then have a read of this Cisco doc:

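As an added illustration of the reply above (not part of the thread and not taken from the Cisco document it refers to), this is a sketch of the hairpin configuration on PIX 7.x that lets VPN client traffic re-enter the existing site-to-site tunnel. The ACL, crypto map and group-policy names, the sequence number, the interface names, and the assumption that the Vienna firewall also runs PIX 7.x are hypothetical; the /24 and /16 masks are assumed from the 10.10.10.x and 10.11.x.x ranges in the question.

```cisco
! ===== Canada PIX (7.x): terminates the VPN clients and the tunnel to Vienna =====
!
! Let IPsec traffic arrive on and leave through the same (outside) interface.
! PIX 6.x has no equivalent, which is why the client traffic was dropped.
same-security-traffic permit intra-interface
!
! Add the VPN client pool to the crypto ACL of the existing site-to-site tunnel
! so that 10.10.10.x -> 10.11.x.x is encrypted towards Vienna.
! (VIENNA_CRYPTO, OUTSIDE_MAP and sequence 20 are hypothetical names.)
access-list VIENNA_CRYPTO extended permit ip 10.10.10.0 255.255.255.0 10.11.0.0 255.255.0.0
crypto map OUTSIDE_MAP 20 match address VIENNA_CRYPTO
!
! Only if the clients use split tunnelling: the Vienna range must be in the
! list of networks the client sends into the tunnel.
! (CLIENT_SPLIT and REMOTE_USERS are hypothetical names.)
access-list CLIENT_SPLIT standard permit 10.11.0.0 255.255.0.0
group-policy REMOTE_USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value CLIENT_SPLIT
!
! ===== Vienna firewall (assumed PIX 7.x) =====
!
! Mirror entry in the crypto ACL: return traffic to the client pool must match
! the same tunnel, otherwise the IPsec SA for this pair never comes up.
access-list CANADA_CRYPTO extended permit ip 10.11.0.0 255.255.0.0 10.10.10.0 255.255.255.0
!
! Exempt the return traffic from NAT so it matches the crypto ACL unmodified.
! (NONAT is a hypothetical name; "inside" is the assumed LAN interface.)
access-list NONAT extended permit ip 10.11.0.0 255.255.0.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list NONAT
```

Keep the added crypto ACL entries as narrow as the requirement allows (for example the Exchange server addresses rather than all of 10.11.0.0/16), since every remote-access client in the pool gains whatever reach those entries permit.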