In article , Tom Pouce wrote:
:I have to set up an IPsec-VPN tunnel to a customer on a PIX 515E
:The remote LAN had to connect to another remote LAN, also connected on
:the same PIX via an IPsec-VPN tunnel.
:Are there known problems with such a setup, or is this transparent?

:LAN-----C827-----IPsec-----PIX-----IPsec-----Netscreen-----LAN
:                            |
:                    Internal networks
If the 827 and Netscreen are connecting to the same interface on the PIX 515E, then the 827's LAN will not be able to communicate with the Netscreen's LAN without going through a bunch of bother.
These days, possibly the easiest work-around for the 515E is to upgrade to PIX 7.0(1) --- but that is a "dot zero" release so I would not trust it for a production system.
This limitation does not apply if the two tunnels are connected via different interfaces -- in that situation, you just have the usual security-level / access-list / static / global stuff to worry about.