Solved

Multiple VPN access using Cisco Pix

Posted on 2006-07-10
2
388 Views
Last Modified: 2013-11-16
Hi
We have a office in US and one in India. We have a IPsec site to site vpn configured and individual Dial UP VPN's for India and US. The problem arises when we dial in to the indian PIX and try to access the us network or vice versa.
I googled and found out that PIX does not route traffic back from the same interface it comes into the network or something like this.
Can somone throw more light on this and also suggest possible solutions.
I understand that one way of doing it is by using VPN concentrator.
Will a version upgrade help? We are presently using Cisco PIX Firewall Version 6.3(1).
Thanks
0
Comment
Question by:siddharthaparti
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 250 total points
ID: 17072212
Yes that is true; You can't connect to one pix and make a U-turn through the same interface to get to US network. It is not supported. However, from 7.x version of Pix OS, it is supported. What kind of PIX are we talking about here?

Because 501, 506 stuff don't work on 7.x, so it has to be higher.

Cheers,
Rajesh
0
 
LVL 1

Assisted Solution

by:JEEGO
JEEGO earned 250 total points
ID: 17077394
If you are using a PIX 515 or greater with version 7.x or greater OS, then you should be able to achieve this.
Cisco refer to this as 'hairpinning', and it can be accomplished by adding a couple of ACL lines as well as using the  'intra interface' command
This is very well documented in a CISCO document you can find by copying the link below into you browser address bar

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

Hope it helps you out.

JEEGO
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question