Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Routing between 2 VPN Tunnels

I have a referring doubt… to the PIX.

My customer has a Tunnel VPN with another country, the users who use VPN Client make authentication in a Radius Server who if finds “inside” of this Tunnel, when the users of VPN Client try to arrive in this Server, the PIX is not routing for this Tunnel, the users of VPN Client does not obtain to legalize itself.

Somebody has some idea of as to carry through this configuration?



Cisco Employee

Re: Routing between 2 VPN Tunnels


Do you mean that you have VPN clients terminating into the PIX which get authenticated to a RADIUS server which is in a L2L tunnel terminating to the same PIX.

If this is the setup then I would say that you can't make this happen because it will be U turning the traffic on the PIX. assuming you have only one public interface. In case you have 2 public interfaces, you can keep your VPN clients on the outside and you can terminate your L2L with RADIUS on the third interface. That way it is possible. Now you need to dig through the command ref to find the command which is needed to source the auth packet from an interface, source it from inside. There is a command in aaa config which can do this for you (I forgot). You can also look management access inside command in the PIX .


Re: Routing between 2 VPN Tunnels

Hi .. I think I have read on this forum a previous post mentioning that version 6.3.5 does support U-turn .. you might want to double check this, as that could be your issue.

CreatePlease login to create content