
New Member

pix with vpn clients and pix to pix dynamic

I have 2 PIXes: one 505 and one 515e with 3 interfaces on the 515e.

I have a dynamic VPN tunnel from the 505 PIX to the 515e which works, but my VPN clients cannot get into the PIX 515e on the same interface; they can only get connected if I manually put in a route intf2 command to the IP address of the PC which is out on the www.

I cannot put in a route intf2 as I already have a default route on the outside interface.

Any ideas?


Re: pix with vpn clients and pix to pix dynamic

Usually, the PIX is configured to accept VPN requests on the outside interface, which is the interface on which all remote VPN connections and LAN-to-LAN connections terminate. Dynamic maps and default routes aid with this. Split tunneling can be used to selectively encrypt traffic. DMZ is used to connect to partners, and if VPNs are terminated there, it is expected that the remote peer's IP address is known. If not, routing will be a problem. Two default routes will not work.
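
The routing point in the reply above, as an added example that is not part of the original thread or any Cisco code: a simplified longest-prefix-match model of the 515e's routing table, showing which interface replies to a VPN peer leave on. The interface names come from the thread; all addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Simplified model of the routing table on the 515e. Interface names come from
# the thread; every address is constructed (RFC 5737 documentation ranges).
BASE_ROUTES = [
    ("0.0.0.0/0", "outside"),    # the single default route
    ("192.0.2.0/24", "intf2"),   # directly connected intf2 subnet
]
KNOWN_PEER = "198.51.100.10"     # remote site with a fixed address
ROAMING_CLIENT = "203.0.113.77"  # VPN client, address not known in advance


def egress_interface(routes, dst):
    """Longest-prefix match: interface a packet to dst leaves on."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def replies_leave_on(routes, vpn_iface, peer):
    """True when replies to peer leave on the interface terminating the VPN."""
    return egress_interface(routes, peer) == vpn_iface


def scenarios():
    # A fixed peer can be given a host route in advance; a roaming client cannot.
    peer_route = BASE_ROUTES + [(KNOWN_PEER + "/32", "intf2")]
    manual_fix = peer_route + [(ROAMING_CLIENT + "/32", "intf2")]
    return {
        "known peer, host route": replies_leave_on(peer_route, "intf2", KNOWN_PEER),
        "roaming client, default only": replies_leave_on(peer_route, "intf2", ROAMING_CLIENT),
        "roaming client, manual host route": replies_leave_on(manual_fix, "intf2", ROAMING_CLIENT),
        "roaming client, VPN on outside": replies_leave_on(BASE_ROUTES, "outside", ROAMING_CLIENT),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'replies match VPN interface' if ok else 'replies leave elsewhere'}")
```

Only the roaming client terminated on intf2 without a host route fails the check, which matches the behaviour described in the first post.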

New Member

Re: pix with vpn clients and pix to pix dynamic


Thanks for the info. This makes a lot more sense now.

So basically, if we are using the outside interface for outbound internet and clients accessing our www servers on this interface only, and if we want our VPN tunnel from our main site to remote site, including VPN clients, on the intf2 interface, am I correct in thinking this will not work in that case?

Can you use the intf2 interface for outbound internet and accessing our internal www servers, then use the outside interface for our VPN tunnel and VPN clients?

Or do we need to use the outside interface for internet, www servers and VPN clients, then use the intf2 interface only for the VPN tunnel?

I have tried using the intf2 interface for a dynamic VPN tunnel to our remote site without success, but this works on a static tunnel. I cannot use a static tunnel for VPN clients.