PIX506 site to site VPN

Jan 30th, 2008


I have 3 PIX 506 firewalls to configure for a 3-site mesh topology. All the PIXes sit behind firewalls with NAT enabled. Each site has its own firewall. There are Sites A, B, and C. Site A is using a Netscreen firewall with NAT, Site B is using Checkpoint with NAT, and Site C is using a Linux IPTables firewall with NAT. All the PIX 506s will sit behind (inside) the firewalls. Is this possible? If yes, do you have a sample for this configuration?

Many thanks

obacati21 Wed, 01/30/2008 - 06:34


Yes, it is possible. The conf is as simple as a full mesh VPN topology. The difference is that you need to use STATIC TRANSLATION on each firewall and an access-list for incoming traffic (ESP, udp/500 and udp/4500).
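The static translation and incoming access-list from the reply above, sketched for Site C's Linux IPTables firewall. This is an added example, not part of the original thread: the function name `gen_pix_rules`, the interface name and all addresses are constructed placeholders, and it assumes the FORWARD chain already permits established and inside-to-outside traffic.

```shell
#!/bin/sh
# Added example: print (do not apply) the iptables rules a Linux NAT firewall
# needs in front of a PIX that terminates site-to-site IPsec.
# Addresses are constructed placeholders (RFC 5737 public, RFC 1918 inside).

# gen_pix_rules WAN_IF WAN_IP PIX_IP PEER_IP...
#   WAN_IF  outside interface of the Linux firewall
#   WAN_IP  public address the remote peers point their tunnels at
#   PIX_IP  outside-interface address of the PIX behind this firewall
#   PEER_IP public addresses of the other sites (the only sources allowed in)
gen_pix_rules() {
    wan_if=$1; wan_ip=$2; pix_ip=$3
    [ $# -gt 3 ] || { echo "usage: gen_pix_rules WAN_IF WAN_IP PIX_IP PEER_IP..." >&2; return 1; }
    shift 3
    for peer in "$@"; do
        # IKE (udp/500) and NAT-T encapsulated ESP (udp/4500)
        for port in 500 4500; do
            echo "iptables -t nat -A PREROUTING -i $wan_if -s $peer -d $wan_ip -p udp --dport $port -j DNAT --to-destination $pix_ip"
            echo "iptables -A FORWARD -i $wan_if -s $peer -d $pix_ip -p udp --dport $port -j ACCEPT"
        done
        # Native ESP (IP protocol 50) has no ports, so it is matched by protocol only
        echo "iptables -t nat -A PREROUTING -i $wan_if -s $peer -d $wan_ip -p esp -j DNAT --to-destination $pix_ip"
        echo "iptables -A FORWARD -i $wan_if -s $peer -d $pix_ip -p esp -j ACCEPT"
    done
    # Outbound half of the static translation: the PIX always leaves as WAN_IP,
    # so the remote peers see one stable address for this site.
    echo "iptables -t nat -A POSTROUTING -o $wan_if -s $pix_ip -j SNAT --to-source $wan_ip"
}

# Site C in front of its PIX, with Sites A and B as peers (constructed values).
gen_pix_rules eth0 203.0.113.30 192.168.30.2 198.51.100.10 198.51.100.20
```

Restricting the source to the two peer addresses keeps IKE on the PIX from being reachable by the whole Internet; the Netscreen and Checkpoint firewalls at Sites A and B need the equivalent static translation and permit rules in their own syntax.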



