Cisco Support Community

Can 2 VPN remote sites communicate through tunnel via a mutual 3rd PIX?

Hi,

I have a client that has a PIX 515E at the HQ of the company and 2 PIX 501s at remote sites. As of today the 2 remote PIXs have a site-site VPN connection with the HQ PIX.

My question is.... is it possible to have the HQ PIX act as a VPN "hub" for the remote sites to communicate through? What I mean is, is it possible to configure the PIXs so that traffic from remote site B can go through the tunnel to the HQ and then through the tunnel to remote site B?

If this is possible, how? Would the HQ PIX have enough info to route the packets the right way? What would I have to do?

Many thanx in advance to whoever will respond. :-)

If the question is too unclear, please post here and tell me so....

Steffen

1 ACCEPTED SOLUTION

Re: Can 2 VPN remote sites communicate through tunnel via a mutu

Steffen,

Unfortunately, the answer to this is NO. The PIX will not "re-direct" packets back out the same interface where they were received. This is by design and is part of the security algorithm on the PIX. Both the VPN 3000 and IOS will do this but not the PIX.

However, as a work-around, can you not just create another tunnel on the 2 spokes to one another? In other words, set up a "triangle" of sorts. This is generally what we suggest in situations such as this.

Hope this helps.

Scott
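The "triangle" workaround described in the answer above, sketched as an added example that is not part of the original post: the extra entries each 501 would need for a direct spoke-to-spoke tunnel, in PIX 6.x syntax. All subnets, peer addresses and the names `vpnmap`, `myset`, `nonat` and `spoke-b`/`spoke-a` are assumptions; it also assumes both spokes have static outside addresses and already carry a working ISAKMP policy and crypto map for the HQ tunnel.

```cisco
!--- Constructed values (assumptions, not from the thread):
!---   Site A inside 192.168.10.0/24, outside 198.51.100.10
!---   Site B inside 192.168.20.0/24, outside 203.0.113.20
!---   Existing crypto map "vpnmap" (sequence 10 = HQ tunnel),
!---   existing transform set "myset", existing NAT-exempt ACL "nonat".

!--- ===== Remote site A (PIX 501) =====
!--- Traffic to protect: only site A LAN to site B LAN.
access-list spoke-b permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
!--- Exempt the same flow from NAT (extends the ACL already bound to nat 0).
access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
nat (inside) 0 access-list nonat
!--- New sequence number on the existing map; the HQ entry is untouched.
crypto map vpnmap 20 ipsec-isakmp
crypto map vpnmap 20 match address spoke-b
crypto map vpnmap 20 set peer 203.0.113.20
crypto map vpnmap 20 set transform-set myset
!--- Separate pre-shared key for this peer; do not reuse the HQ key.
isakmp key <pre-shared-key> address 203.0.113.20 netmask 255.255.255.255

!--- ===== Remote site B (PIX 501), mirror image =====
access-list spoke-a permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list nonat permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list nonat
crypto map vpnmap 20 ipsec-isakmp
crypto map vpnmap 20 match address spoke-a
crypto map vpnmap 20 set peer 198.51.100.10
crypto map vpnmap 20 set transform-set myset
isakmp key <pre-shared-key> address 198.51.100.10 netmask 255.255.255.255
```

The two `match address` ACLs must be exact mirrors of each other, and neither may overlap the ACL that selects traffic for the HQ tunnel; `show crypto isakmp sa` and `show crypto ipsec sa` on either spoke confirm that the new peer negotiates.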

Re: Can 2 VPN remote sites communicate through tunnel via a mutu

Hi,

and thanx for the reply. It was as I feared, but just needed a verification from another person.

Another thing that some colleagues of mine want is to have access to the remote sites. Since they as of this day already have remote VPN access to the HQ, they wanted to use this same connection to be able to remotely support the client's remote sites. I think the best solution is to create new VPN tunnels that my colleagues can establish via the Cisco VPN client software.

Again...thanx for the reply! :-)

Steffen
