07-26-2007 08:37 PM - edited 02-21-2020 01:37 AM
Hello,
I currently have a main site with a 2600 series router passing all traffic to a pix 501. That Pix has previously established site to site vpns configured and working to two remote sites, each with a 1750 and a pix 501. What I need to know is if there is a way to get the two remote sites to talk to each other via site to site vpn.
Each remote site has IP phones that connect to the main site Shoretel Server. ( I know, I am trying to get them to migrate to cisco! :) ) and can access resources on the main site LAN. However, no matter what routes/tunnel config I try to add to all pix's/routers, I am unable to get remote site to call remote site.
Can this be done or is there a limitation on separate site to site vpns in the pix's? They are running ver 6.3 if I remember correctly.
All answers/suggestions appreciated. Thanks in advance.
07-27-2007 01:07 AM
Hi
Are you trying to get the remote sites to talk to each other via the main site ?
If so you cannot get this to work with a pix version 6.3 as you need to be able to send the traffic back out the interface it came in on. You can do this with pix version 7.x but unfortunately the pix 501 cannot be upgraded to v7.x.
If this is the problem you could
1) purchase an ASA or pix 515E or better with v7.x
2) You could use the 2600 to terminate the VPNs, as the traffic can go back out the same interface it came in on, although you may well need to upgrade to a security version of the IOS. Also this would put more overhead on the router.
HTH
Jon
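An added configuration sketch, not part of the thread, of what option 1 looks like once the hub firewall runs 7.x: the hub permits traffic to leave the interface it arrived on, and every crypto ACL is extended so spoke-to-spoke traffic is selected for the tunnels. The subnets (hub 10.0.0.0/24, site A 10.1.0.0/24, site B 10.2.0.0/24) and the ACL and crypto map names are constructed for illustration, and it assumes NAT control is not enforced on the hub.

```text
! ---- Hub firewall (ASA or PIX 515E, 7.x) ----
! Allow a packet decrypted from one tunnel on "outside" to be
! re-encrypted and sent back out "outside" (not possible on 6.3).
same-security-traffic permit intra-interface
!
! Tunnel to site A: carries hub LAN -> A and site B -> A.
access-list VPN_SITE_A extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list VPN_SITE_A extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
!
! Tunnel to site B: carries hub LAN -> B and site A -> B.
access-list VPN_SITE_B extended permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN_SITE_B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
!
crypto map OUTSIDE_MAP 10 match address VPN_SITE_A
crypto map OUTSIDE_MAP 20 match address VPN_SITE_B
!
! ---- Site A PIX 501 (6.3), site B mirrors this ----
! The spoke keeps a single tunnel to the hub; the crypto ACL and the
! NAT exemption both gain the other spoke's subnet as a destination.
access-list VPN_HUB permit ip 10.1.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list VPN_HUB permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list NONAT permit ip 10.1.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list NONAT permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
crypto map OUTSIDE_MAP 10 match address VPN_HUB
```

Each crypto ACL entry on a spoke must have an exact mirror on the hub, otherwise the IPsec security association for that subnet pair will not come up. Because the spoke-to-spoke traffic is decrypted at the hub before being re-encrypted, the hub is also the place to restrict it to only what is needed, such as the phone traffic.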
07-27-2007 11:54 AM
thanks!