Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Multiple VPN access using Cisco Pix

Posted on 2006-07-10
2
Medium Priority
?
398 Views
Last Modified: 2013-11-16
Hi
We have a office in US and one in India. We have a IPsec site to site vpn configured and individual Dial UP VPN's for India and US. The problem arises when we dial in to the indian PIX and try to access the us network or vice versa.
I googled and found out that PIX does not route traffic back from the same interface it comes into the network or something like this.
Can somone throw more light on this and also suggest possible solutions.
I understand that one way of doing it is by using VPN concentrator.
Will a version upgrade help? We are presently using Cisco PIX Firewall Version 6.3(1).
Thanks
0
Comment
Question by:siddharthaparti
2 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 750 total points
ID: 17072212
Yes that is true; You can't connect to one pix and make a U-turn through the same interface to get to US network. It is not supported. However, from 7.x version of Pix OS, it is supported. What kind of PIX are we talking about here?

Because 501, 506 stuff don't work on 7.x, so it has to be higher.

Cheers,
Rajesh
0
 
LVL 1

Assisted Solution

by:JEEGO
JEEGO earned 750 total points
ID: 17077394
If you are using a PIX 515 or greater with version 7.x or greater OS, then you should be able to achieve this.
Cisco refer to this as 'hairpinning', and it can be accomplished by adding a couple of ACL lines as well as using the  'intra interface' command
This is very well documented in a CISCO document you can find by copying the link below into you browser address bar

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

Hope it helps you out.

JEEGO
0

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question