Solved

Multiple VPN access using Cisco Pix

Posted on 2006-07-10
2
376 Views
Last Modified: 2013-11-16
Hi
We have a office in US and one in India. We have a IPsec site to site vpn configured and individual Dial UP VPN's for India and US. The problem arises when we dial in to the indian PIX and try to access the us network or vice versa.
I googled and found out that PIX does not route traffic back from the same interface it comes into the network or something like this.
Can somone throw more light on this and also suggest possible solutions.
I understand that one way of doing it is by using VPN concentrator.
Will a version upgrade help? We are presently using Cisco PIX Firewall Version 6.3(1).
Thanks
0
Comment
Question by:siddharthaparti
2 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 250 total points
ID: 17072212
Yes that is true; You can't connect to one pix and make a U-turn through the same interface to get to US network. It is not supported. However, from 7.x version of Pix OS, it is supported. What kind of PIX are we talking about here?

Because 501, 506 stuff don't work on 7.x, so it has to be higher.

Cheers,
Rajesh
0
 
LVL 1

Assisted Solution

by:JEEGO
JEEGO earned 250 total points
ID: 17077394
If you are using a PIX 515 or greater with version 7.x or greater OS, then you should be able to achieve this.
Cisco refer to this as 'hairpinning', and it can be accomplished by adding a couple of ACL lines as well as using the  'intra interface' command
This is very well documented in a CISCO document you can find by copying the link below into you browser address bar

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

Hope it helps you out.

JEEGO
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco MRA Phones 4 67
ipsec tunnel comme not up 10 76
cisco VIRL 3 45
Cost effective dual wan w/ qos 5 27
There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now