minitaz
asked on
Remote Access configuration for hybrid Hub-and-Spoke networks
Need some help in configuring remote access VPN via PIX.
Some background.
1. Local network, say network A: 10.10.x.x. With connection to Internet and other site via MPLS.
2. Other site1, say network C: 10.15.x.x.
3. 'spoke' sites from network A, say network B: 10.11.x.x. Appliance used for Site-to-site VPN between B and A is Cisco PIX 515 with PIX 7.2.
So far, all is well between the 3 networks. Traffic is allowed between A, B and C with A as the 'hub' between B and C. Users on network A and B are accessing an application server in network C just fine. Users on B are accessing network C via network A's MPLS.
I now want remote access users from home, to VPN into site A, and still able to access applications hosted in site C. VPN address pool allocated is 192.168.x.x.Packet Tracer on ASDM is used to trace packet from 192.168.x.x to 10.11.x.x to be successful, but the testing revealed otherwise.
What else can I look into to ensure connectivity for Remote Access to network C via tunneling into A?
Some background.
1. Local network, say network A: 10.10.x.x. With connection to Internet and other site via MPLS.
2. Other site1, say network C: 10.15.x.x.
3. 'spoke' sites from network A, say network B: 10.11.x.x. Appliance used for Site-to-site VPN between B and A is Cisco PIX 515 with PIX 7.2.
So far, all is well between the 3 networks. Traffic is allowed between A, B and C with A as the 'hub' between B and C. Users on network A and B are accessing an application server in network C just fine. Users on B are accessing network C via network A's MPLS.
I now want remote access users from home, to VPN into site A, and still able to access applications hosted in site C. VPN address pool allocated is 192.168.x.x.Packet Tracer on ASDM is used to trace packet from 192.168.x.x to 10.11.x.x to be successful, but the testing revealed otherwise.
What else can I look into to ensure connectivity for Remote Access to network C via tunneling into A?
ASKER
Thanks PeteLong. As stated, the PIX in network A is on PIX version 7.
ASKER
What I have tried so far, is by following this guide: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml
However, it is not really working, as the destination I need is not through the same interface as it came in.
However, it is not really working, as the destination I need is not through the same interface as it came in.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The Asker has requested that this question be re-opened and PAQ'd as a self-solution.
https://www.experts-exchange.com/questions/22871523/07-Oct-Refund-for-question-ID22863195.html
Please post any comments/objections here.
Thank you.
Vee_Mod
Experts Exchange Moderator
https://www.experts-exchange.com/questions/22871523/07-Oct-Refund-for-question-ID22863195.html
Please post any comments/objections here.
Thank you.
Vee_Mod
Experts Exchange Moderator
Closed, 250 points refunded.
Vee_Mod
Community Support Moderator
Vee_Mod
Community Support Moderator
This is called "Hairpinning" you need to be at PIX version 7 at least or this will not work