RE: Ping between PIX remote peers

["Utz, Ralph" <rutz () realtime-it com>]

Based exactly as you have diagrammed, your setup will not work. You will
not be able to ping from end point to end point. The reason is because
the PIX will not send traffic out the same interface it came in on. In
this scenario, traffic from 192.168.51.0 is coming into the PIX on
interface0 and needs to go back out interface0 to get to 192.168.50.0
By design, the PIX will not pass this traffic. 

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Juan
Pablo Feria Gomez
Sent: Sunday, April 23, 2006 7:25 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Ping between PIX remote peers

I have the following scenario



192.168.51.0 -|router|-----/dsl/----|   |
                                            
|PIx|---------172.16.10.0(lan behind pix)
192.168.50.0 -|router|----/dsl/-----|   |




- 2 routers connected to the pix using ipsec through internet

- both 192.168.50 & 51 networks can ping the 172.16.10.x network

- I want to have communication between the 192.168.50.x  &
192.168.51.x  networks

- i added the 192.168.50.0 ---> 192.168.51.0  and 192.168.51.0 --->
192.168.50.0  traffic to the vpn's access lists on the 3 ciscos,,, 
there are no "proxy errors" in the crypto debug... but there are no
communication :(


is this possiblle?  I read something about  "split tunnel"
configurations,  can be used here?

Thanks in advance
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards