Hi, I'm not too familiar with PIX and VPN tunnels and have run into a problem.
I've got the following setup:
Site X                                      Site Y
(ip 1.1.1.1)---------Internet----------(ip 2.2.2.2)
      \----------------VPN----------------/
(Mail server)                          (Mail server)
(ip 1.1.2.2)                      (private IP 10.0.0.2)
The tunnel allows traffic from the whole 1.1.2.0/24 net of site X to the whole 10.0.0.0/24 net of site Y with NAT exemption.
This works correctly for all applications, except mail. When the mail server at site X looks up the MX record of site Y it sees the NATed address of 2.2.2.2 and not the real address of 10.0.0.2. So the SMTP session is set up over the internet from site X, but when the site Y mail server tries to respond, the PIX sends the traffic through the tunnel to site X and it gets dropped because of asymmetrical routing (wrong source IP). I do not administer site X and cannot change the MX record to the private address, and have therefore tried to force traffic from the mail server at site Y to go over the internet, as opposed to the tunnel, when sending to the mail server at site X. But I just can't get it to work.
Hope some of this made sense; all suggestions would be most appreciated.
-SAto
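To see why only the mail reply ends up in the tunnel, here is an added example (not the poster's configuration, and not PIX output) that models the crypto ACL as a first-match list of source/destination network pairs, with inbound packets checked against the mirrored ACL; it also assumes that a more specific deny entry placed ahead of the permit keeps just the mail-server-to-mail-server flow out of the tunnel.

```python
# Hypothetical model of first-match crypto-ACL evaluation for the post's setup.
# Site Y's tunnel ACL: inside 10.0.0.0/24 <-> site X 1.1.2.0/24 (from the post).
from ipaddress import ip_address, ip_network

# Each entry: (action, source network, destination network), evaluated in order.
ORIGINAL_ACL = [
    ("permit", "10.0.0.0/24", "1.1.2.0/24"),
]

# Same ACL with a host-specific deny placed first (assumption: first match wins,
# and a denied flow is sent in the clear rather than through the tunnel).
ADJUSTED_ACL = [
    ("deny",   "10.0.0.2/32", "1.1.2.2/32"),
    ("permit", "10.0.0.0/24", "1.1.2.0/24"),
]


def classify(acl, src, dst):
    """Return 'tunnel' if the flow hits a permit entry before any deny,
    'internet' if it hits a deny or matches nothing."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ip_network(src_net) and d in ip_network(dst_net):
            return "tunnel" if action == "permit" else "internet"
    return "internet"


def smtp_paths(acl):
    """Paths taken by the two halves of the SMTP exchange described in the post."""
    # Inbound: site X's mail server (1.1.2.2) connects to site Y's public MX
    # address 2.2.2.2. Inbound traffic is matched against the mirrored ACL,
    # so source and destination are swapped before the lookup.
    inbound = classify(acl, "2.2.2.2", "1.1.2.2")
    # Reply: after un-NAT, inside host 10.0.0.2 answers 1.1.2.2 directly.
    reply = classify(acl, "10.0.0.2", "1.1.2.2")
    return {"inbound": inbound, "reply": reply, "symmetric": inbound == reply}


if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("adjusted", ADJUSTED_ACL)):
        print(name, smtp_paths(acl))
```

With the original ACL the reply is classified as "tunnel" while the inbound half was "internet", which is the asymmetry described in the post; with the adjusted ACL both halves are "internet" while other hosts in 10.0.0.0/24 still use the tunnel. The NAT exemption would need the same host-specific carve-out so that the reply leaves with source 2.2.2.2.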