Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

site to site vpn

Hi all,

I have a site to site vpn setup between country A and country B. We are using cisco pix515e on both sites. In country A our cisco pix515e is connected to 3 networks, office(192.168.x.x), dmz(172.16.x.x) and external. With the site to site vpn established country B office network is able to access country A dmz(172.16.x.x). We did not allow office(192.168.x.x) to be accessible via site to site vpn due to security. However country B need to access a server in country A office network. I did a NAT for to All my dmz servers can access my office server via hence the NAT is working fine. But country B office network (192.168.5.x) could not access My office server gateway is pointing to my cisco515e. Why can't country B access my office server Pls advise. Thks in advance.


Re: site to site vpn


I'm wondering whether to use the same NAT between the DMZ and Office networks on your Country A PIX as you are using for your External to Office networks.

Do you have an ACL rule on your External interface of Country A's PIX allowing Country B's source addresses to Country A's NAT'd server address?

Here is a URL explaining how to set up NAT on the PIX in different scenarios.  It specifically talks about accessing one attached network from another through the same PIX.   HTH.

CreatePlease to create content