03-14-2007 05:49 AM - edited 02-21-2020 02:55 PM
hi,
I have two PIXes configured and can pass traffic back and forth. However, I am having trouble figuring out how to route all public traffic from site2 across the VPN and out site1's gateway. Any advice?
Thanks
03-14-2007 05:58 AM
So, at site 2 you want to force all traffic over the VPN to site 1, and then bounce off site 1 to go to the Internet? Is this correct, or did I misunderstand?
This is possible. At site 2, define your VPN interesting traffic and NAT exemption as "to any"; this will force all traffic over the tunnel. Then, as long as you are running PIX code 7.x, you can use "public internet on a stick" for site 2 Internet access.
03-14-2007 06:06 AM
Yep, that's what I am trying to do. I'll take a look at the link you sent. Thanks!!
03-14-2007 06:08 AM
Are you running PIX 7.x?
Please rate if it helped.
03-14-2007 06:19 AM
Just checked... no, we aren't. Is there another way, or should I upgrade?
Also, to force the traffic on the site2 PIX, is that done by creating an ACL such as
access-list NoNAT permit ip xxx
then
nat (inside) 0 access-list NoNAT
(just grabbed those off a cisco config example)
03-14-2007 06:28 AM
You cannot do version 7.x on the PIX 501, 506, or 520.
Is there an existing VPN tunnel between the two PIXes?
Yes, that is the NAT exemption part. There would also be interesting traffic, something like
access-list 100 permit ip
crypto map newmap 10 match address 100
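Putting the two replies above together, as an added example (not a config from any post in this thread): the spoke-side "to any" NAT exemption and crypto ACL, and the hub-side 7.x intra-interface hairpin, which is how I read "public internet on a stick". Subnets, ACL names, the map name and the hub's outside NAT statements are assumptions; the existing tunnel pieces (peer, transform set, isakmp policy, crypto map binding) are not repeated.

```cisco
! ---- Site 2 (PIX 501, 6.x): send everything over the tunnel ----
! Assumed subnets: site 2 LAN 192.168.2.0/24, site 1 LAN 192.168.1.0/24
! NAT exemption "to any": nothing from the LAN is translated locally
access-list NoNAT permit ip 192.168.2.0 255.255.255.0 any
nat (inside) 0 access-list NoNAT
! Interesting traffic "to any": every LAN packet is a crypto match
access-list 100 permit ip 192.168.2.0 255.255.255.0 any
crypto map newmap 10 match address 100

! ---- Site 1 (PIX 515E, 7.x): terminate the tunnel and hairpin out ----
! Let traffic that arrived on "outside" leave on "outside" again
same-security-traffic permit intra-interface
! Mirror of the spoke's interesting traffic: anything destined to site 2
access-list 100 extended permit ip any 192.168.2.0 255.255.255.0
crypto map newmap 10 match address 100
! Site 1 LAN to site 2 LAN stays untranslated inside the tunnel
access-list NoNAT extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list NoNAT
! Site 2's private addresses are PATed to the outside address on the way out
! (assumed form; check the 7.x "nat (outside)" syntax for your release)
nat (outside) 1 192.168.2.0 255.255.255.0
global (outside) 1 interface
```

With this in place, "show crypto ipsec sa" on the hub should show the any/192.168.2.0 pair, and site 2 hosts should appear on the Internet with site 1's outside address.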
03-14-2007 06:36 AM
Site 1 is a 515E.
Site 2 is a 501.
There is an existing site-to-site VPN between those two PIXes.
03-14-2007 06:45 AM
Your 515E would probably require a memory upgrade to support 7.x. It needs at least 64M, I believe. But if you wanted to go this route, it would work. Only site 1 would require 7.x for public internet on a stick.
The reason I asked if you already had a tunnel is that you must already have your nat (inside) 0 statements, etc.
What is the reason for needing site 2 internet to go out site 1?