Remote access routing ?

Subject Author Date
Remote access routing ? kjo 06-30-2005
Posted by on June 30, 2005, 2:34 pm
I have a problem, please assist me !

B --- C
 \   /
  \ /
   A <---- Remote Access Clients

The setup is as follows :

A Subnet : 192.168.1.0/24
B Subnet : 192.168.2.0/24
C Subnet : 192.168.3.0/24
Remote Access subnet : 192.168.4.0/24

Between A and B there's a tunnel
Between A and C there's a tunnel
Between B and C there's a tunnel

What I want is to be able to reach B and C as a remote Access Client,
is that possible?
The hardware is Cisco PIX v6.3(4)



Posted by kjo@kjohansen.dk on June 30, 2005, 3:04 pm
I have this little twist to add.. maybe it could help
B-----C
 \   /
  \ /
   A <--- Remote Access Clients accessing PIX515 (A node)
   | <--- Private subnet : 192.168.5.0/24
 Router
   |
  LAN <--- 192.168.1.0/24

So it's really
A subnet 192.168.5.0/24 - A's IP is 192.168.5.1 and a WAN IP of course
Router IP WAN 192.168.5.3 - LAN 192.168.1.1
LAN 192.168.1.0/24 Default GW 192.168.1.1
B Subnet 192.168.2.0/24
C Subnet 192.168.3.0/24

Sad that I don't even know my own network ;-)



Posted by Erik Tamminga on July 2, 2005, 2:39 pm
Hi,

Pix 6.3 has the limitation of not being able to send packets out the
interface they came in on. So the answer is no, Pix 6.3 cannot do what you'd
want.

There is a solution though. Upgrade your Site-A Pix to version 7.0, which
does include support for this.
You didn't specify if your pix is a 515 or 515E. I'm not sure if PIX7.0 is
available for PIX515, I know it is for PIX515E.

Success,

Erik

>I have a problem, please assist me !
>
> B --- C
>  \   /
>   \ /
>    A <---- Remote Access Clients
>
> The setup is as follows :
>
> A Subnet : 192.168.1.0/24
> B Subnet : 192.168.2.0/24
> C Subnet : 192.168.3.0/24
> Remote Access subnet : 192.168.4.0/24
>
> Between A and B there's a tunnel
> Between A and C there's a tunnel
> Between B and C there's a tunnel
>
> What I want is to be able to reach B and C as a remote Access Client,
> is that possible?
> The hardware is Cisco PIX v6.3(4)
>
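
Added example, not part of Erik's post and not Cisco code: a small Python model of the forwarding rule he describes, applied to the subnets in this thread. It assumes the client VPN and the tunnels to B and C all terminate on the PIX's outside interface; the interface names and the host addresses used below are constructed.

```python
import ipaddress

# Where the site-A PIX reaches each subnet from the thread.
# "outside"/"inside" are assumed interface names for this model.
ROUTES = {
    "192.168.1.0/24": "inside",   # LAN behind the router
    "192.168.5.0/24": "inside",   # private subnet between PIX and router
    "192.168.2.0/24": "outside",  # site B, via the A-B tunnel
    "192.168.3.0/24": "outside",  # site C, via the A-C tunnel
    "192.168.4.0/24": "outside",  # remote-access client pool
}

def interface_for(ip):
    """Longest-prefix match of ip against ROUTES; None when no route exists."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, ifname in ROUTES.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def forward(src, dst, intra_interface_allowed):
    """Decide what the firewall does with a decrypted packet src -> dst.

    intra_interface_allowed=False models the 6.3 limitation from the post
    (no sending a packet out the interface it came in on); True models a
    release that supports it.
    """
    ingress = interface_for(src)
    egress = interface_for(dst)
    if ingress is None or egress is None:
        return "drop-no-route"
    if ingress == egress and not intra_interface_allowed:
        return "drop-hairpin"
    return "forward"

def reachability(client_ip, intra_interface_allowed):
    """Result per destination for one remote-access client (constructed hosts)."""
    targets = {"LAN": "192.168.1.10", "B": "192.168.2.10", "C": "192.168.3.10"}
    return {name: forward(client_ip, ip, intra_interface_allowed)
            for name, ip in targets.items()}

if __name__ == "__main__":
    for allowed in (False, True):
        print(allowed, reachability("192.168.4.20", allowed))
```

In this model only the B and C flows are same-interface, which is why the client can reach the LAN but not the other sites. Forwarding alone is not sufficient: the tunnels to B and C must also include the client pool 192.168.4.0/24 in their traffic selectors on both ends.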




Posted by kjo@kjohansen.dk on July 2, 2005, 7:47 am
Thanks Erik

The PIX is a 515E.

What I thought about was NATting the Remoteaccess users, but I see your
point..
Have you got any clue about what an update to version 7.0 costs?

Regards

Kenneth



Posted by Walter Roberson on July 2, 2005, 3:21 pm
:The PIX is a 515E.

:What I thought about was NATting the Remoteaccess users, but I see your
:point..

You indicate that you have PIX 6.3(4) and that you have a 515.

The 515 supports 3 physical interfaces, even with the restricted
version, so if you have additional public IP space or can subnet
the public IP space, there are approaches you can take with adding
an interface.

The 515 also supports "logical" interfaces, which are 802.1Q VLANs.
To use those, you still need the same kind of IP space requirements
as for a physical interface, and you also need a WAN router that
supports 802.1Q VLANs, but you don't need to purchase a physical
interface.


:Have you got any clue about what an update to version 7.0 costs

PIX-SW-UPGRADE= is the part number, and the list price appears
to be $US1000, street price around $US700.


Historically, Cisco has usually allowed people to go on SmartNet
(and receive upgrades as part of the SmartNet entitlement) if they
have been off support for less than 1 year. The appropriate part
number would appear to be CON-SNT-PIX515 or possibly CON-SNT-PIX515R .
I am having difficulty finding US pricing for either part number;
it looks like the price is around $US1200 at most places -- but
possibly as low as $US325 . One place claims that you should be
able to use CON-SNT-PKG7 -- if so then that's around $US650.
I would suggest asking a company that regularly does SmartNet
contracts.
--
Are we *there* yet??

