So I have a main site with a 506e on a full T1, soon to be tiered with another 506e to create a DMZ. I also have 4 remote sites on DSL/cable connections with 501s. I have a site-to-site VPN set up from each of the 4 smaller sites back to the main site, one of the uses of which will be VoIP traffic.
My problem is that each of the remote sites needs to be able to connect to each other remote site. The individual who initially designed this setup was planning on traffic from one remote site going back to the main site over its tunnel, and then out to the other remote site over its tunnel. The problem with that (unless I am wrong) is that it would require the PIX routing traffic out the same interface it came in on, which it cannot do until 7.0, which is not available on the 506e.
The only other option I can think of is a full mesh network of sts VPNs, but I am concerned about the ability of the 501 to handle that many simultaneous tunnels (I am also concerned about their plan to implement normal internet traffic and VoIP on DSL, but we will have to look into that at another time).
Will the 501 like handling all those tunnels? Is there another method for doing this that I am not thinking of?
The internet router at the main site is a 1700 and there is a layer 3 switch (35xx) also at the main site which could be used if needed.