VPN working OK but unable to access other sites.

Status
Not open for further replies.

RickyTicky

Technical User
Jan 19, 2003
9
GB
I currently have a PIX 506 running in our remote office; this PIX joins the remainder of the LAN by VPNing into our network. So there's already one VPN in place. I have configured the PIX in remote office1 to allow incoming VPNs from remote users. Now, at present, people in remote office1 can access resources in office A and B. But when the remote users VPN into remote office1 they can only access resources within that local LAN, and cannot ping or access any resources throughout the network.

Below is the setup to illustrate how remote users come into the network.
No to access Head Office
headoffice 194.X.X.X vpn users (192.168.102.2)PIX 501
| |
\ |
Router ( ISP Broadband Router Not configurable)
|
Pix 506e
|
|
remote office1 - 192.168.100.0 network


Currently this PIX 506e is already VPNing into Head office; this is working fine, but for some reason after remote users VPN into the office they are unable to ping other resources at Head office. I find this very peculiar as people on the 192.168.100.0 network can access head office. I was under the impression that once you were in the network you would then be able to access all resources. I'm aware this looks like a routing problem, except the router at remote office 1 is actually a broadband router with no additional routes assigned (just standard). Would there be any additional routes needed on the PIX 506 or 501 (that's what the remote users are using)?

Any help would be greatly appreciated.

Best Wishes

Rickster







 
The PIX is not yet able to route packets back on the same interface they arrived; thus VPN clients can only access the network behind the PIX they are VPNed into and not the Head Office network. You need a router or a VPN3000 concentrator to achieve your task, or you can wait until Cisco releases PIX version 7.0, which removes this restriction.
 
You can do this by using what is called Hairpinning. The cleanest solution, as themut states, is to use a concentrator, but hairpinning works just as well and can be done at very little cost using a router as low as a Cisco 1600 series.
Just search on for the solution.
 