If the two VPN connections are both terminated in the same PIX, then
you can't do this unless you're running the new 7.0 PIX software. It
sounds like that's not the case in this situation, so it should be
possible to make it work. The key in this case is to make sure the
access-lists that define the local and remote networks/subnets of the
site-to-site VPN tunnel include the users at the remote end of the
client VPN tunnel(s). For example, if the site-to-site VPN between
you and the parent company is configured to allow your
network to talk to their network, and the VPN clients
connecting to your PIX are getting addresses assigned from an address
pool using addresses, then you'll need to add the network to the
access-lists that are configured in your
router and the router at the parent site. In your router, the new
ACL line would list as the source and as
the destination. In the parent router the new access-list line will
list as the source and as the destination.
You'll also have to make sure the routing is correct at all the
involved locations and devices, since VPNs aren't "traffic
magnets". That is, the packets to be encrypted have to already be
routed in the correct directions, as if there were no VPNs - the
encryption then happens because the packets match the crypto
access-lists that are associated with the crypto map on the outgoing

I hope this helps - Good luck!


Dana J. Dawson Dana.Dawson@qwest.com
Sr. Staff Engineer CCIE #1937
Qwest Communications JNCIA-FWV
600 Stinson Blvd., Suite 1S
Minneapolis MN 55413-2620

On Dec 7, 2005, at 7:55 PM, Venkat Kaushik wrote:

> We have VPN tunnel from my company to parent company through Cisco
> routers.
> It works fine for us to access their corporate network as long as we
> are in the office.
> We also use VPN through PIX for the clients/users to access our
> network from outside.
> Now I want to connect to the parent company through our company by
> Cisco VPN client, i.e.
> from outside, using Cisco VPN client, I connect to corporate
> network; once I am into our network I want to reach the parent
> network (intranet). It is not working.
> The parent company told me to disable split-tunneling, which I did;
> still not working. Is this conf possible?
> If so, what do I need to change?
> Thanks
> Venkat
> _______________________________________________
> VPN mailing list
> VPN@lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn
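
An added example, not part of the original thread: a small Python check that the crypto access-lists on both routers include the VPN client pool and are mirror images of each other, as the reply above describes. All addresses, ACL numbers and names below are constructed assumptions, and only the plain `permit ip <net> <wildcard> <net> <wildcard>` form is parsed.

```python
import ipaddress

# Constructed sample crypto ACLs (addresses and ACL numbers are assumptions).
POOL, PARENT_NET = "192.168.50.0/24", "10.20.0.0/16"
LOCAL_BEFORE = "access-list 110 permit ip 192.168.10.0 0.0.0.255 10.20.0.0 0.0.255.255"
PARENT_BEFORE = "access-list 120 permit ip 10.20.0.0 0.0.255.255 192.168.10.0 0.0.0.255"
LOCAL_AFTER = LOCAL_BEFORE + "\naccess-list 110 permit ip 192.168.50.0 0.0.0.255 10.20.0.0 0.0.255.255"
PARENT_AFTER = PARENT_BEFORE + "\naccess-list 120 permit ip 10.20.0.0 0.0.255.255 192.168.50.0 0.0.0.255"

def to_net(addr, wildcard):
    # IOS ACLs use wildcard (inverted) masks; flip the bits to get a netmask.
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse_crypto_acl(config):
    """Return (source, destination) network pairs from permit-ip lines.
    'host'/'any' keywords and deny lines are not handled and are skipped."""
    pairs = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 8 and tok[0] == "access-list" and tok[2:4] == ["permit", "ip"]:
            pairs.append((to_net(tok[4], tok[5]), to_net(tok[6], tok[7])))
    return pairs

def covers(pairs, src, dst):
    # True if some entry selects traffic from src to dst for encryption.
    return any(src.subnet_of(s) and dst.subnet_of(d) for s, d in pairs)

def check_client_path(local_cfg, parent_cfg, pool, parent_net):
    local, parent = parse_crypto_acl(local_cfg), parse_crypto_acl(parent_cfg)
    pool, parent_net = ipaddress.ip_network(pool), ipaddress.ip_network(parent_net)
    problems = []
    if not covers(local, pool, parent_net):
        problems.append(f"local router: no entry {pool} -> {parent_net}")
    if not covers(parent, parent_net, pool):
        problems.append(f"parent router: no entry {parent_net} -> {pool}")
    # Each entry on one side needs its source/destination-swapped twin on the other.
    for s, d in local:
        if (d, s) not in parent:
            problems.append(f"parent router: no mirror of {s} -> {d}")
    for s, d in parent:
        if (d, s) not in local:
            problems.append(f"local router: no mirror of {s} -> {d}")
    return problems

if __name__ == "__main__":
    print("before:", check_client_path(LOCAL_BEFORE, PARENT_BEFORE, POOL, PARENT_NET))
    print("after: ", check_client_path(LOCAL_AFTER, PARENT_AFTER, POOL, PARENT_NET))
```

This checks the access-lists only; routing at each device still has to send the pool's traffic toward the tunnel.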