Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Pix vpn client gateway

Status
Not open for further replies.
krismorrison

krismorrison

IS-IT--Management
Dec 20, 2005
4
US
Quick question if anyone can help.....

I have a PIX 515e (ios 6.3) using vpn clients to access internal LAN.

On our internal LAN, we have a dedicated DS3 connection to a separate network, (the DS3 router is also the main gateway that allows LAN nodes to access local and remote LAN).

Our PIX vpn clients can access everything except for the remote network connected via DS3..

Is it possible to have the VPN clients use the DS3 router as its main gateway?

Thanks in advanced
 
Sort by date Sort by votes
Sounds like a routing issue. You're PIX acts as the gateway for your VPN connections and it can't redirect to the DS3 connection, at least this is what it sounds like. But your internal users are pointed to another gateway besides the PIX correct? Does anyone use the PIX for a gateway on the inside network?

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts
 
Upvote 0 Downvote
the DS3 router is also the main gateway that allows LAN nodes to access local(??) and remote LAN....."

So is the DS3 Router directly behind the PIX?

Code: 
Internet ---> PIX ----> DS3Router ----> LAN
                           |
                           |
                          WAN                               
                           |
                         Branch LAN
Or is the PIX Inside and Main LAN on the same subnet?
Code: 
Internet ---> PIX ----> LAN <----> DS3Router
                                       |
                                       |
                                      WAN       
                                       |
                                   Branch LAN

Does the DS3 Router know how to get to the VPN Client Network (IP Pool)?

Are you using Split Tunnelling? If so does this include the Main Local LAN and the Branch LAN?

If you do a traceroute from the Branch LAN to the VPN Pool Network where does it die?

Is the Branch LAN traffic exempt from NAT (nat 0) when going to the VPN Pool Network?
 
Upvote 0 Downvote
Thanks for the responses,

Does anyone use the PIX for a gateway on the inside network? - No inside users use the PIX for their default gw.

Our gw is a 2600 series router that splits traffic destined to the remote LAN to the DS3 router, and traffic for the internet to the PIX.

Im basically trying to get the VPN client traffic to point to the 2600 router if possible.

Current config is :

Local LAN---->2600-->PIX-->internet
|
DS3 router
|
Remote LAN

Thanks again


Kris

Kris
 
Upvote 0 Downvote
Put a route into the PIX pointing to the network you want your VPN users to see.

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
280
intel233
intel233
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
121
gkittelson
gkittelson
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
349
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
86
WhosYourDiffie
WhosYourDiffie
markd885
  • Locked
  • Question
PAC file redirect web page to another gateway
Replies
0
Views
72
markd885
markd885

Part and Inventory Search

Sponsor

Back
Top