Redirect all traffic from remote to central site

Answered Question
Apr 27th, 2008
User Badges:

I have the following connectivity.

PIX A, PIX B and PIX C is connected to internet. There is a VPN tunnel from PIX A to PIX B and another tunnel from PIX B to PIX C. VPN tunnels are configured and from A-PIX network I can access B-PIX local network. Is it possible to send all traffic to B-PIX. I mean if any user from A-PIX like to browse internet there all traffic will go through to B-PIX. Beside this is it also possible to share the tunnel created in B-PIX. I mean can I access C-PIX network from A-PIX via B-PIX without configuring anything in A-PIX.



Attachment: 
Correct Answer by rkalia1 about 9 years 3 months ago

Configure "same-security-traffic permit intra-interface" on PIX B to allow the incoming VPN traffic from PIX A to use the same outside interface on PIX B for internet access.

You can also access PIX C network via PIX B. Include the network of PIX A in the crypto access-list configured at PIX B and also include the network of PIX A in the crypto access-list of PIX C. Then they can talk with each other. This is nothing but a sort of spoke-to-spoke communication with PIX B as a HUB.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
rkalia1 Sun, 04/27/2008 - 05:58
User Badges:

Configure "same-security-traffic permit intra-interface" on PIX B to allow the incoming VPN traffic from PIX A to use the same outside interface on PIX B for internet access.

You can also access PIX C network via PIX B. Include the network of PIX A in the crypto access-list configured at PIX B and also include the network of PIX A in the crypto access-list of PIX C. Then they can talk with each other. This is nothing but a sort of spoke-to-spoke communication with PIX B as a HUB.

Actions

This Discussion