03-06-2007 01:20 AM
Hi,
I have some Vpn (IPSec)that are deployed from my headquarter and some branch office through Cisco Pix.
Pix 525 on headquarter and Pix 501 on branch.
So far internet traffic from each branch
office was indipendent (nat).
Now we have increase bandwidth on headquarter (2Mb > 8 Mb)and I would like
do pass all traffic on headquarter through tunnel IPSec so also all internet traffic will pass from only router on main site.
Can I do it ?
Does somebody advice me some documents or configuration examples about it ?
best regards
Lorenzo
03-06-2007 02:12 AM
Hi Lorenzo,
First of all you need to have PIX 525 on 7.x code for U-turning to work.
You can go through the document that explains the similar scenario for a VPN client :
You setup would be very much similar. Let me know if you have some more questions.
*Please rate if helped.
-Kanishka
03-06-2007 02:57 AM
Hi
perhaps I'm not explain so well.
I haven't Vpn client but I have all my branch
networks behind Pix 501.
I want know if I can do pass also traffic internet in tunnel IPSec and if I can how do it.
best regards
Lorenzo
03-06-2007 05:03 AM
Hi Lorenzo,
I understand you do not have a VPN client, but there's no readymade config example for what you are trying to do.
To give you brief idea of how the configuration on PIX 7.X would look like, I sent you the doc.
I will proceed to give you an example of how the config will look like. Assuming the PIX 501 n/w is 1.1.1.0/24 and PIX 525 n/w is 2.2.2.0
ON PIX 501 :
The crypto ACL would look like :
access-list cry_acl permit ip 1.1.1.0 /24 any
On PIX 525:
same-security-traffic permit intra-interface
The crypto ACL :
access-list cry_acl permit ip any 1.1.1.0 /24
The NAT config(to nat the traffic for Internet) :
nat (outside) 1 1.1.1.0 255.255.255.0
global (outside) 1 interface
Let me know if you have some more questions.
*Please rate if helped.
-Kanishka
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: