Can a PIX 501 pass data from remote VPN users over a second site-to-site VPN ?
Posted on 2006-07-21
Over the years, I have had reasonable, but basic exposure to setting up a number of VPNs.
However, these have EITHER been site-to-site OR Remote users into an HQ. I now have the following scenario:-
Currently setting up a new UK office, for which we have installed a PIX 501. We have established a working site-to-site VPN with the head office back in the States (to a 515E) and also have established working Remote User VPNs into the UK office.
However, what is also needed is for the Remote Users to access BOTH the UK AND USA networks at the same time (e.g. for File-and-print access to the UK LAN, whilst also picking up emails from the Exchange server on the USA LAN).
Is this possible ? Ideally, we do not want the UK Remote Users to connect to the USA PIX directly, due to load and licensing issues.
Other factors that may be pertinent are that the remote users typically have either Mac Powerbooks or various smartphones, so we are not using the Cisco Easy VPN Client.
I am led to believe that this had previously been successfully achieved in the old UK office (using a Netopia ADSL router). However, the guy that set that up is no longer around and the new office does not allow direct ADSL access (it is a managed suite with an ethernet interface into the landlord's own router).
Any help or guidance would be greatly appreciated, as we are up against the clock to get it completed.