Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
353
Views
0
Helpful
2
Replies

PIX to PIX VPN

networker99
Level 1
Level 1

‎04-30-2009 07:17 AM

Is it possible to set up a PIX to PIX VPN with the VPN being initiated in one direction only?

Labels:
0 Helpful
2 Replies 2

m.reay
Level 1
Level 1

‎04-30-2009 08:29 AM

Depends on the version of code.

There is a connection type originate-only and connection type answer-only in some versions.

see this link

http://supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_one_way_VPN_tunnel_on_the_PIX/ASA

0 Helpful

ronshuster
Level 1
Level 1
In response to m.reay

‎04-30-2009 11:08 AM

I used the "originate-only" and it works just fine. But recently I have implemented another setup where instead of exposing the segments of interest on the inside to the other side I PAT to a private network thereby hiding the segments from the other side. So not only they cannot send any traffic but also there have no visibility or expose to my internal network.

Not sure if that concept can be applied on a "two way" tunnel but rather only on a tunnel that traffic is one way.

Here's what I mean:

interesting traffic --> PAT (private IP) --> cryptomap & nonats of the PAT'd address --> Internet --> other side of the tunnel.

So again, the other side of the tunnel does not know anything about the interesting traffic.

0 Helpful
Customers Also Viewed These Support Documents