
Site-to-Site routing issue

Status
Not open for further replies.

mynus

Technical User
Jul 11, 2005
20
US
Simple question that goes with the basics of VPNs, I'm sure. Pix 506 (site A) to 515 (site B) setup, tunnel works just fine. I have users connecting to Site A, but now I need them to be able to access Site B while using the Site A connection. Shouldn't this just be automatically possible since the 506 knows where to find the 515? I must be missing some sort of rule. I'm basically looking for the steps I should have taken to make this possible, as I think I missed something.
 
Hi,

Can you post both configs (minus any passwords, real ip's etc) ?

Regards Colin.
 
I can, I'm just trying to avoid confusion first. I think this is a routing issue, that's why I was asking what the usual steps were. I've got these two pix's running, but when you connect with a VPN client to one site, you can't get to the other. I want to be able to access Site B by connecting through Site A.
 
so vpnclient to site A who has a vpn to site b. You want the client connected to site A access devices on site b, correct?

Don't think that is possible prior to version 7.
 
Correct, I basically want to be able to VPN into Site A, and function as if I were on my network. That means, I want to be able to access a web site I have running out at Site B, by connecting to Site A and having my protected traffic routed through that network. I've seen it working well before 7 was released. I don't know how it couldn't be possible.
 
What you are trying to achieve is called "hair spinning". Due to the security level feature on the interface on the pix, this is NOT possible.

I've NOT tried this feature with Pix 7.x yet so I cannot tell you if it will work. Furthermore, the Pix 506 can NOT run version 7.x anyway.

What you're trying to achieve can be done quite easily with a Cisco VPN concentrator or Cisco IOS 12.3.x or higher. It works on the VPN Concentrator or Cisco IOS because the device has no security level on the interface, in contrast to the Pix device.
 
So if I make my "central" IPSEC endpoint a Cisco router with that IOS version or higher, I can set up tunnels to my remotes, and have my remote users connect to a Pix behind said router, THEN they will be able to access those remote sites?
 
This is something I've been struggling with too it seems. Maybe a little different but I just want my remote sites to act as if they are virtually internal to my network. I've heard about vpn concentrators and such but I'm not sure of the direct benefits and capabilities.

I currently run a 515 at my home office and four sites have 501's in them. Would it benefit me at all utilizing a vpn concentrator with the 501s?

Thanks all.
 