Cisco Support Community
New Member

PIX Remote VPN user can't access remote hosts

My network topology is like this:

Network1---PIX1(6.3)------INTERNET------PIX2(7.0)---Network2

I've configured LAN to LAN VPN between two PIXs and enabled Remote VPN on both of them.

The thing is if a VPN client dials in PIX2 which has a 7.0 IOS, he can access the resources in both Network1 and Network2. If he dials in PIX1 which has a 6.3 IOS, he can only access the resources in Network1 but can't access Network2.

I'd like to know if only PIX2(7.0) supports the VPN client accessing remote hosts, or is there any specific configuration needed on PIX1(6.3)?

I'd appreciate it if you have any suggestions.

5 REPLIES
New Member

Re: PIX Remote VPN user can't access remote hosts

May I suggest enabling a syslog server on PIX1 (set to debug level) and checking for error messages or denied connections. This way you will see if traffic passes through the PIX.

If required, you may also need to set up a syslog server on PIX2.

Check that the required TCP and UDP ports are open on both PIX1 and PIX2 to let traffic pass for the VPN client (such as udp/4500, tcp/10000, etc.).

Cisco Employee

Re: PIX Remote VPN user can't access remote hosts

Pix 7 allows for this via "same-security-traffic permit intra-interface". Pix 6 does not allow traffic that comes in from an interface to go back out that same interface.

Please review these links for more info

Permitting Intra-Interface Traffic

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450beb.html#wp1042114

same-security-traffic permit intra-interface

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/s.htm#wp1494249

Hope that helps! If so, please rate.

Thanks

New Member

Re: PIX Remote VPN user can't access remote hosts

I did configure the "same-security-traffic permit intra-interface" command in PIX2(7.0).

Is there a way to make PIX1(6.3) have the same feature?

Thanks a lot!

Cisco Employee

Re: PIX Remote VPN user can't access remote hosts

No. You can't do this on 6.3. Sorry if my previous message wasn't clear on that. Hope that helps! If so, please rate.

Thanks!

New Member

Re: PIX Remote VPN user can't access remote hosts

OK, I see.

Thanks a lot for your help.
