WE have a hub and spoke vpn design with a PIX 515 at the main site and 501's at the spoke sites. The spoke sites are unable to commincate. I guess we could fully mesh them with tunnels but i was hoping there was someway to route spoke to spoke through the main site or do something similar to an IOS Dynamic Multipoint VPN but on the Pix. What are our options?
The PIX won't route a packet back out the same interface it came in on, that includes packets coming in over one spoke tunnel and going back out over another spoke tunnel. No way around it with the PIX as a hub.
Fully meshing them would work, but get's messy and your workload increases exponentially as the number of spoke sites increases.
Changing the hub PIX with an IOS router or a VPN3000 would resolve your issues also.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...