11-12-2003 05:21 PM - edited 02-21-2020 12:52 PM
Hi,
Customer has Cisco837 (Site A) and a PIX 501 (Site B). working perfectly in a site-to-site VPN. A remote access VPN is configured on (B), but because of the PIX routing limitations, they of course can't access site (A).
Has anyone has any success with a configuration similar to http://www.cisco.com/warp/public/707/ios_hub_spoke2.html , using a VPN client as a spoke, the router (A) as the "hub" and the PIX (B) as the other spoke?
I've conf'd a test config, and while the hub router (A) tries to pass the traffic, the PIX doesn't seem to want to know about it.
11-18-2003 02:02 PM
Try this document:
11-21-2003 03:32 PM
Hi:
I do not think you are going to get this to work since the PIX is not going to route the VPN packets back out the interface (Outside in this case) it originally received the packets on.
Depending on what your customer wants to do, why not setup a host on the network behind the PIX that they can Terminal Services into, or ssh into and then from that host, access the resources on the network behind the Cisco837? Good luck.
11-25-2003 12:21 PM
The idea is to use the PIX as the end point, not the central hub. I'm aware of the PIX's limitations in this regard.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide