routing data 1

[JacobTechy]

Before I ask my question our network is setup as follows.
4 cisco firewalls pix 515e (one per office location therefore 4 different LANS), 1 cisco vpn concentrator 3000 at one of those locations. So our WAN consist of a VPN. Remote users use a cisco vpn client to access our VPN network. On this vpn client users have 4 differenct connection options one per location.

One of our remote users needs to access files from the network of the closes remote office(2). Once connected to that location via vpn a network shared drive to the folder that needs to be accesses is created using a batch file.

The problem is that he cannot collect email from the
email server since it is located at one of our other locations(1). However the close office(2) LAN is connected to location 1 via vpn for users to collect email. How can I route his email data through office 2 then to his computer. When I ping the email server ip from his computer I get NO replys even though he is connected to office 2.

 

[IPKONFIG]

Where is the 3000 series located? What branch?

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[JacobTechy]

same location as our email server

 

[IPKONFIG]

Correct me if I'm wrong here. But this is what I picture when you explain your network.

LAN 1 --- PIX 1 --- Internet ----

LAN 2 --- PIX 2 --- Internet ----

LAN 3 --- PIX 3 --- Internet ----

LAN 4 --- PIX 4 --- Internet ----

User connects to PIX2 via VPN Client (gets IP address of that LAN2) cannot ping e-mail server located on LAN1 from his computer. PIX1 & PIX2 are connected via VPN to each other, and I'm assuming that your using NO-NAT to connect them. So their LANS should be able to ping each other.

Here is what I would check if what listed above is correct.

1. Check to make sure your ACL that specifies interesting traffic includes ICMP and your e-mail (SMTP 25). You want to make sure this traffic is tunneled when trying to get off it's local network. It's very possible that your Pings are going to the internet and are not getting tunneled in the VPN.



"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[JacobTechy]

Yes that is correct about our network but
client transport tunneling = IP SEC Over UDP(NAT/PAT)

What if the user cant ping other servers/computers on the same LAN1 as our email server?

 

[IPKONFIG]

If the user cannot ping the mail server on LAN1 from LAN2 then I would say that he cannot ping any other machine on LAN1. Make sure you have your interesting traffic defined for ICMP and make sure you have routes in your PIX firewalls to the destinations your trying to reach.

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts