I'm not even sure how to title this conversation, but here goes. We have a hub and spoke VPN setup with a 515E as the headend. There are PIX 501s at the remote locations. I have several remote sites connecting to the PIX server, but not to each remote location. For server administrative purposes, I'd like to be able to allow the remote site to be able to at least VNC or Remote Desktop thru the tunnels.
Is this possible? What are the security implications? What would the access-list look like? Are the access-lists on the PIX head end only or are there access-lists on all firewalls allowing traffic thru?
Some sites are easy VPN and others are Site to Site.
but you need CONNECTIVITY between remote sites (w/o using remote-site to remote-site vpn). If that's the case, you need to use hairpinning - which means your PIX515e needs to be running PIX OS 7.x since 6.x doesn't support it.
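A sketch of the hairpinning setup the reply describes, added here as an example and not taken from the thread or from either poster's configuration. It covers two site-to-site spokes only (not the Easy VPN sites); the subnets, ACL names and the crypto map name OUTSIDE_MAP are constructed placeholders.

```cisco
! --- Hub: PIX 515E on PIX OS 7.x ---
! Constructed addressing: hub LAN 10.0.0.0/24, site A 10.1.1.0/24, site B 10.1.2.0/24
!
! Allow traffic to enter and leave the same interface (spoke -> hub -> spoke)
same-security-traffic permit intra-interface
!
! Tunnel to site A: protect hub LAN -> A, and site B -> A (the hairpinned flow)
access-list CRYPTO_SITE_A extended permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list CRYPTO_SITE_A extended permit ip 10.1.2.0 255.255.255.0 10.1.1.0 255.255.255.0
!
! Tunnel to site B: protect hub LAN -> B, and site A -> B
access-list CRYPTO_SITE_B extended permit ip 10.0.0.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list CRYPTO_SITE_B extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
!
crypto map OUTSIDE_MAP 10 match address CRYPTO_SITE_A
crypto map OUTSIDE_MAP 20 match address CRYPTO_SITE_B

! --- Spoke at site A: PIX 501 ---
! The crypto ACL must mirror the hub's CRYPTO_SITE_A entries, so traffic
! for site B is sent into the existing tunnel to the hub
access-list CRYPTO_HUB permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list CRYPTO_HUB permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
!
! Exempt the same flows from NAT so the remote side sees real addresses
access-list NONAT permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list NONAT permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
crypto map OUTSIDE_MAP 10 match address CRYPTO_HUB
```

Site B mirrors site A with the two spoke subnets swapped. The spoke-to-spoke entries have to exist on the hub and on both spokes, because each end of a tunnel must agree on which traffic it protects.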