Cisco Support Community
New Member

Cisco VPN Client to Tunnel to Two Remote Sites Through One Hub PIX

Is there a way to make a Cisco VPN Client tunnel to two remote sites through one hub PIX HAVING ONLY ONE OUTSIDE INTERFACE? (I have 2 x PIX 501.)

(see URL below for details)

In the following sample config it is stated that:

"To ensure that this configuration works properly, you need to have TWO different interfaces connected to the "outside" network, typically the Internet service provider (ISP). You also need to have two crypto maps."

http://www.cisco.com/en/US/partner/tech/tk648/tk367/technologies_configuration_example09186a0080103ed0.shtml

If possible, is there any sample config available?

Thx.

Gilberto

2 REPLIES
Cisco Employee

Re: Cisco VPN Client to Tunnel to Two Remote Sites Through One H

No, you can't do this on a 501. The PIX won't redirect traffic back out the same interface it came in on, so using the PIX as a VPN hub is not possible (unless you use a different interface and crypto map for each tunnel).

Cisco Employee

Re: Cisco VPN Client to Tunnel to Two Remote Sites Through One H

Hi Gil,

It is not possible to connect a VPN Client to the Hub Pix and also tunnel the traffic to the spoke Pixes if the Hub Pix has only one interface to the outside world.

Your understanding is absolutely right and you need to have 2 different interfaces on the Hub Pix connected to the ISP, so that you can terminate your client session on one interface and send the traffic across to the spokes using the Lan to Lan tunnel that terminates on a different interface.

Regards,

Arul
