Remote tunnel, through pix, tunneled to pix, to web server

[RJ45100BT]

Okay,

i have a remote site with a pix 515, I have another pix 515 vpn'd to this pix through ethernet.

Behind that pix, on the DMZ, there is a web server.
SO it goes,

Remotepix--vpn--{O}Inetpix{O}---vpn---Inside pix{O}>-----DMZ


Now, here is where it gets tricky.

The packets coming into the internet pix, across the VPN need to go to the webserver, and back across the internal vpn between the pix's, to the outside vpn to the remote site.


Any comments, gotchas? Cuz it ain't working.

 

[yizhar]

HI.

It is dificult to get the whole picture (like what is the inside VPN used for), but I would check the following:

* Routing of the unecnrypted (outside the tunnel) traffic from host to host - remember that you need the correct route using the internal addresses along the way

* Check the access-list statements bound to crypto map on each VPN peer.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar