I have 2 PIXes (501 and 506) that I am setting up as a test. I want one of the PIXes to handle all of the incoming VPN and the other to be the gateway firewall.
I am having problems when someone connects to the VPN: the connection gets made and they get an IP address. The PIX hosting the VPN allows packets to come through, but they don't know how to go back out through the VPN PIX. I could see the ping trying to get translated to the public IP of the gateway firewall, so I added the route so packets destined for my VPN IP local pool would be sent to that internal IP that I have the VPN PIX set up on.
I'm missing something. Hopefully, I explained enough so someone can tell me what.
Basically: 2 PIXes
VPN traffic can come in pixB but doesn't know to go back out to VPN IPs through pixB.
Everything works if I set the route on the machine itself.
Could you clarify how you tried to route the packets from pixA back to pixB?
If the packets coming back from inside your network first go to the inside interface of pixA, you cannot then add a route pointing back out of the inside interface of pixA to get to pixB.
If this is how it is set up, this won't work with PIX v6.x. This feature, called hairpinning, was added in PIX v7.x, but unfortunately 501s and 506Es do not run PIX v7.x (you need a PIX 515E at a minimum, or an ASA device).
So unless you have a router internally, your solution of adding a route on the machine is the only way to make it work.