Cisco Support Community

New Member

PIX VPN Hub and Spoke

I have a PIX VPN hub and spoke configuration and I want to let the spokes communicate with each other. In the documentation it says "The two outlying networks are not able to communicate with each other by going through the central PIX because the PIX does not route traffic received on one interface back out the same interface."

Can I use a router on the inside network to work around this limitation? If so, how should I configure this?

All PIX firewalls are 506's so I cannot use PIX version 7.

Best regards, Frank


Re: PIX VPN Hub and Spoke

Assuming a router is deployed on each site, a GRE tunnel may be configured between the routers over the IPsec between the 506e.

New Member

Re: PIX VPN Hub and Spoke

Thanks for the reply but I had something else in mind.

What I want to do is place a router on the inside network of the hub.

In my opinion it should then be possible to direct VPN traffic coming from one spoke to the inside router (using a 'route inside 0 0 ' on the PIX). Next the router on the inside network sends traffic destined for the other spoke back to the PIX and the PIX sends it through a VPN to the other spoke.

Can this work?
