ASA/PIX, IDS, IPS, VPN, Cisco Secure ACS, AAA, ISE.
dreamleo
New Member
Posts:
1
Joined:
Mon May 01, 2006 3:34 am

[HELP]Site-to-site VPN on PIX

Mon May 01, 2006 3:42 am

I am not familiar with Cisco firewalls, and I need your help to figure this out.

I am using a Cisco PIX 506E. The structure of my network is like this: Internet --> ISP router --> switch --> firewall --> LAN

The LAN address range is 192.168.1.0/24 (default), and the firewall IP is 192.168.1.1.

1. We have now established an Internet site-to-site VPN with another server through the firewall.
2. The address range assigned to us is 192.168.52.40/29. Because all the machines in the LAN have addresses like 192.168.1.*, they cannot access the VPN (ping the other side).
3. I tried to do a static NAT for one of the machines (from 192.168.1.2 to 192.168.52.41), and then it can ping the other side. But at the same time, it cannot ping 192.168.1.1, which means it cannot access the Internet.
4. The other side doesn't allow split tunneling. Is there a way to configure the firewall so that the machine can access the VPN while accessing the Internet? How can I achieve this? Edit the routing table? What is your suggestion?

Thanks a lot for your help!

BobN
New Member
Posts:
7
Joined:
Fri Oct 21, 2005 11:21 am

Tue May 02, 2006 3:56 pm

You might want to consider asking in the security forum....

Steve
Site Admin
Posts:
10617
Joined:
Mon Dec 06, 2004 6:46 pm
Certs:
CCNA

Tue May 02, 2006 4:10 pm

Topic moved.
