- Remote access routing ?
- Posted by kjo@kjohansen.dk on June 30th, 2005
I have a problem, please assist me !
B --- C
 \   /
  \ /
   A <---- Remote Access Clients
The setup is as follows :
A Subnet : 192.168.1.0/24
B Subnet : 192.168.2.0/24
C Subnet : 192.168.3.0/24
Remote Access subnet : 192.168.4.0/24
Between A and B there's a tunnel
Between A and C there's a tunnel
Between B and C there's a tunnel
What I want is to be able to reach B and C as a remote access client.
Is that possible?
The hardware is Cisco PIX v6.3(4)
- Posted by kjo@kjohansen.dk on June 30th, 2005
I have this little twist to add.. maybe it could help
B-----C
 \   /
  \ /
   A <--- Remote Access Clients accessing PIX515 (A node)
   | <--- Private subnet : 192.168.5.0/24
 Router
   |
  LAN <--- 192.168.1.0/24
So it's really
A subnet 192.168.5.0/24 - A's IP is 192.168.5.1 and a WAN IP of course
Router IP WAN 192.168.5.3 - LAN 192.168.1.1
LAN 192.168.1.0/24 Default GW 192.168.1.1
B Subnet 192.168.2.0/24
C Subnet 192.168.3.0/24
Sad that I don't even know my own network ;-)
- Posted by Erik Tamminga on July 2nd, 2005
Hi,
Pix 6.3 has the limitation of not being able to send packets out the
interface they came in on. So the answer is no, Pix 6.3 cannot do what you'd
want.
There is a solution though. Upgrade your Site-A Pix to version 7.0, which
does include support for this.
You didn't specify if your pix is a 515 or 515E. I'm not sure if PIX7.0 is
available for PIX515, I know it is for PIX515E.
Success,
Erik
<kjo@kjohansen.dk> wrote in message
news:1120167289.653750.252680@g44g2000cwa.googlegroups.com...
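The change Erik describes, sketched as an added configuration example that is not part of the original thread. The ACL names are hypothetical, the subnets are the ones from the first post, and it assumes the remote-access clients and both site tunnels terminate on A's outside interface.

```cisco
! --- Site A, after upgrading to PIX 7.0 ---
! Allow traffic to leave through the same interface it arrived on
! (VPN client in on outside, site-to-site tunnel out on outside).
same-security-traffic permit intra-interface

! Add the remote-access pool to the crypto ACLs that select traffic
! for each site tunnel. ACL names are hypothetical; use the ones
! already bound to the existing crypto map entries for B and C.
access-list CRYPTO_A_TO_B extended permit ip 192.168.4.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list CRYPTO_A_TO_C extended permit ip 192.168.4.0 255.255.255.0 192.168.3.0 255.255.255.0

! --- Site B (PIX 6.3 syntax shown; site C mirrors this with 192.168.3.0) ---
! The crypto ACL must be the mirror image of A's, otherwise return
! traffic to the remote-access pool is never placed in the tunnel.
access-list CRYPTO_B_TO_A permit ip 192.168.2.0 255.255.255.0 192.168.4.0 255.255.255.0

! Exempt the same flow from NAT on B's inside interface.
access-list NONAT_B permit ip 192.168.2.0 255.255.255.0 192.168.4.0 255.255.255.0
nat (inside) 0 access-list NONAT_B
```

Every subnet added to these ACLs becomes reachable from remote-access clients, so list only the networks those clients actually need.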
- Posted by kjo@kjohansen.dk on July 2nd, 2005
Thanks Erik
The PIX is a 515E.
What I thought about was NATting the Remoteaccess users, but I see your
point..
Have you got any clue about what an update to version 7.0 costs?
Regards
Kenneth
- Posted by Walter Roberson on July 2nd, 2005
In article <1120315631.199009.289950@o13g2000cwo.googlegroups.com>,
kjo@kjohansen.dk <kjo@kjohansen.dk> wrote:
:The PIX is a 515E.
:What I thought about was NATting the Remoteaccess users, but I see your
:point..
You indicate that you have PIX 6.3(4) and that you have a 515.
The 515 supports 3 physical interfaces, even with the restricted
version, so if you have additional public IP space or can subnet
the public IP space, there are approaches you can take with adding
an interface.
The 515 also supports "logical" interfaces, which are 802.1Q VLANs.
To use those, you still need the same kind of IP space requirements
as for a physical interface, and you also need a WAN router that
supports 802.1Q VLANs, but you don't need to purchase a physical
interface.
:Have you got any clue about what an update to version 7.0 costs
PIX-SW-UPGRADE= is the part number, and the list price appears
to be $US1000, street price around $US700.
Historically, Cisco has usually allowed people to go on SmartNet
(and receive upgrades as part of the SmartNet entitlement) if they
have been off support for less than 1 year. The appropriate part
number would appear to be CON-SNT-PIX515 or possibly CON-SNT-PIX515R.
I am having difficulty finding US pricing for either part number;
it looks like the price is around $US1200 at most places -- but
possibly as low as $US325. One place claims that you should be
able to use CON-SNT-PKG7 -- if so then that's around $US650.
I would suggest asking a company that regularly does SmartNet
contracts.
--
Are we *there* yet??