Build up a full routing capacity in PIX

Posted on 2006-04-03
Last Modified: 2013-11-16
I have installed several Cisco PIX in HQ and different branch offices. Say HQ ( BranchA (, Branch B ( Internet is the only WAN link connecting each branch office and HQ.

When my VPN client connects to the HQ PIX, it could only route to the server located Is there any way to configure my HQ PIX (or additionally with any equipment) so that this VPN client would be able to route to the other branch offices through the HQ PIX?

My HQ has already been divided into several VLANs. (, in addition to If I install a local router at my HQ which could allow it to route across these VLANs and my local LAN, and afterwards I install a static route in my HQ PIX, could that then allow my remote Cisco VPN clients to access these VLANs once they form a tunnel with my HQ PIX?

route inside [internal router]  -> enable VPN client to VLAN1
route inside [internal router]  -> enable VPN client to VLAN2
Question by:AXISHK
    LVL 20

    Accepted Solution

    >...any way to configure my HQ PIX... so that this VPN client could able to route to other Branch office through the HQ PIX
      Not if the HQ PIX is running 6.x software.  PIX versions <7.x won't allow encrypted (VPN) traffic to enter & leave the same interface.

      See below for some examples with PIX v7.x:

    LVL 10

    Assisted Solution

    You may configure multiple VPN connections, one to each location, from the VPN clients.

    As calvinetter said earlier, you cannot do it from a single connection unless you have a newer version of PIX.
    LVL 20

    Assisted Solution

    A possible workaround, if all your PIXes are 6.x:
    - set up a "fully-meshed" site-to-site VPN between all PIXes
    - also configure client VPN access to all PIXes
    - IF you have a Terminal Server or users have a desktop PC available at one of the locations
    ...They could then connect to a single location via Cisco VPN client, RDP (or PCanywhere, VNC, etc) to a workstation & from there access all other branches.

      Here's an example of a fully-meshed config between 3 sites (example uses old version 6.1, but otherwise is a good example):
      Other IPSec config examples:
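
Added example, not part of the thread or of any document it links to: the HQ-side lines that let a VPN client reach the branches through a PIX running 7.x, where, as the accepted solution notes, encrypted traffic may enter and leave the same interface. All names and addresses are constructed placeholders, and the existing site-to-site and remote-access configuration (peers, transform sets, tunnel groups) is assumed to be in place.

```cisco
! Constructed addressing, for illustration only:
!   HQ LAN        10.1.0.0/24
!   Branch A LAN  10.2.0.0/24
!   Branch B LAN  10.3.0.0/24
!   VPN clients   10.99.0.0/24 (address pool handed out by the HQ PIX)

! 7.x only: let VPN traffic arrive on the outside interface and leave
! through it again inside another tunnel. PIX 6.x has no equivalent.
same-security-traffic permit intra-interface

ip local pool CLIENT_POOL 10.99.0.1-10.99.0.50 mask 255.255.255.0

! Split-tunnel list: the networks the client sends into its tunnel.
! The branch LANs must be listed, or the client routes them locally.
access-list SPLIT_TUNNEL standard permit 10.1.0.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.2.0.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.3.0.0 255.255.255.0

group-policy REMOTE_USERS internal
group-policy REMOTE_USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! Crypto ACLs of the site-to-site tunnels: add the client pool as a
! second source next to the HQ LAN, so client traffic is encrypted
! toward each branch instead of being dropped.
access-list TO_BRANCH_A extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list TO_BRANCH_A extended permit ip 10.99.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list TO_BRANCH_B extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list TO_BRANCH_B extended permit ip 10.99.0.0 255.255.255.0 10.3.0.0 255.255.255.0

crypto map OUTSIDE_MAP 10 match address TO_BRANCH_A
crypto map OUTSIDE_MAP 20 match address TO_BRANCH_B
```

Each branch PIX needs the mirror image: the client pool as a destination in its own crypto ACL and in its NAT exemption list, otherwise return traffic never enters the tunnel. Keep the pool-to-branch entries as narrow as the users actually need, since every permitted pair is reachable from any connected client.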

