I know this is a restriction with PIX v6 and the golden rule that traffic cannot come in and go out of the same interface (need a 515 with v7 for that).
My question is:
- Is there no other way to make this work? How about a router on a stick in Site A? Send traffic to the router and have the router send it back to the PIX. If this is possible, any ideas on how to set this up?
Any other solutions except for spending ~5K on a 515 just for this functionality?
I used this Cisco document for my reference and setup:
I don't think that the redirect share thing will work, as the only thing that the server would do is redirect you to a server on net_b (at least in the Windows world).
So the only way would be to replace the PIX with a router. No chance to stick a router behind the PIX on the internal LAN (like a W2K3 'router'). Think cheap and dirty, it's a small shop that I'm doing this for.
Share folder created on net_a server. I really mean like RDP to the net_a server first, then accessing the net_b resources from the net_a server.
Regarding the router behind the net_a PIX, just wondering how it works. Assuming the PIX is the VPN termination for the VPN client, how would the PIX forward the traffic destined for net_b to the router, and then from the router back to the PIX, which in turn forwards the traffic to net_b via the LAN-to-LAN VPN?
Let's put all this into an example.
The net_a PIX receives a packet from the VPN client destined for 192.168.2. The PIX has no route to net_b except the crypto map. Unfortunately, as you know already, PIX v6.x doesn't support this, with the golden rule saying no traffic in/out the same interface. Now, if you apply a static route for net_b pointing to the router, then the PIX will be confused between the crypto map and the static route for net_b. Does it make sense?