I have an NS-25 at my data center that has the following relevant roles:
- Tunnels to all my sites (NS-5GTs)
- A tunnel to an external site (Cisco PIX)
- Policy-based tunnels for all my sites to the external site
- Accepts incoming connections from NetScreen-Remote clients
All the sites can communicate with each other and the Cisco PIX. However, I cannot get the Remote software connections to connect to the PIX. They can connect to all my sites, just not the external one.
Please see the attached diagram to better understand.
I'm unsure if I'm missing a required route, policy or both. I've tried adding each but haven't found the magic combination to make this work. It used to work, no special Remote policy required, but no longer. I'm not sure what changed and I have no control over the PIX side.
Basically, I just need to know how it SHOULD be set up so I can cajole the PIX people into helping me get it running.
Any help is appreciated.
Thanks,
James