Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Problem with Pix Client VPN access over the Site to Site VPN

Status
Not open for further replies.
evildik

evildik

MIS
Sep 2, 2003
39
US
Currently there is a site to site VPN setup between a PIX 515 and a 506e. When i try to connect using the Cisco VPN Client over the internet to the 515 i cannot access the remote network on the other side of the already established site to site vpn to the network on the remote side of the 506.

vpnclient -> pix515 --> over site to site vpn tunnel -->pix 506

Interesting enough when at location at the 515 lan side i can access the 506 lan side over the site to site fine. Anyone else have problems with this?

HELPPPPPPPPPP
 
Sort by date Sort by votes
Well I think this is where the fact that the pix cannot route comes into play..

Any data coming into an interface cannot leave the same interface..

I can't think of/don't know a work around


BuckWeet
 
Upvote 0 Downvote
thats a interesting point but it should be able to be done no?

Client VPN at home connects to 515 PIX
515 already has a site to site VPN setup to 506


Client wants to access network resources over the VPN tunnel at remote site.

This cant be done?
Funny however that i can terminal to a machine in the 515 lan network and then from there i can terminal to the 506 lan network over the VPN tunnel

Can anyone help?
 
Upvote 0 Downvote
Because, its just what i said, the pix cannot route traffic from the same interface.

when you're vpn'ing into the 515, your going in the outside interface.. the lan 2 lan tunnel terminates on the outside interfaces from both sides..

Hence what I said, the ipsec connections never go past the outside interface.

you can get to it from the inside interface because the traffic is not being routed in and out the outside interface.


BuckWeet
 
Upvote 0 Downvote
Yes i understand what you are saying. You are right. Im just wonderign if there is another way around this.


 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
358
gkittelson
gkittelson
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
843
intel233
intel233
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
1K
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
287
WhosYourDiffie
WhosYourDiffie

Part and Inventory Search

Sponsor

Back
Top