Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
202
Views
0
Helpful
1
Replies

PIX VPN

london.ism
Level 1
Level 1

‎07-07-2009 06:23 AM - edited ‎03-11-2019 08:51 AM

Hi all,

I would like to implement the following config on a 501 Pix: on the outside interface of my PIX which is in location b, I have two vpn tunnels going to two separate locations, a and c. Now I would like, through these tunnels, a to be able to contact c through b. Is this possible? Is this one of the cases that requires double NAT-ing? Are there any issues with PIX 501 to receive and send a packet on the same outside interface?

Many thanks

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎07-07-2009 06:41 AM

Elena

"Are there any issues with PIX 501 to receive and send a packet on the same outside interface?"

Unfortunately it won't work with a Pix 501. The feature you need is called "hairpinning" but this is only supported on pix v7.x code and later (also supported on ASA devices). The pix 501 cannot run v7.x code.

Pix 515E, 525 and 535 are the only pix firewalls that can be upgraded to v7.x code.

Alternatively a router can support hairpinning.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card