Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Dynamic vpn and site-to-site vpn

Hi,

We have 2 sites and they connected through Pix 506 version 6.3 site-to-site vpn. Now we would like to use dynamic vpn for our remote user to have access remotely. The problem is when the vpn client successfully connected they can only access the main office data but when they try to access the branch site it doesn't respond (Not even ping). Please help. Thanks

3 REPLIES
Cisco Employee

Re: Dynamic vpn and site-to-site vpn

Hello,

I think the only resolution on 6.3 is to allow both Pixes to accept remote access connections. The issue is on 6.x code, Pix won't allow traffic that enters an interface to exit that same interface.

Pix 506 can't run 7.x code. However, if you are able to run 7.x you can accomplish what you are trying to accomplish with "same-security-traffic permit intra-interface"

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/s.htm#wp1494249

Hope that helps! If so, please rate.

Thanks

Re: Dynamic vpn and site-to-site vpn

hemendoz, you are absolutely correct.

Community Member

Re: Dynamic vpn and site-to-site vpn

Thanks for your advise. Do you have any solution how to get this resolve? We wouldn't want to upgrade our to pix to 515.

151
Views
0
Helpful
3
Replies
CreatePlease to create content