I have a PIX VPN hub and spoke configuration and I want to let the spokes communicate with each other. In the documentation it says "The two outlying networks are not able to communicate with each other by going through the central PIX because the PIX does not route traffic received on one interface back out the same interface."
Can I use a router on the inside network to work around this limitation? If so, how should I configure this?
All PIX firewalls are 506's so I cannot use PIX version 7.
It is certainly true that the PIX code up to version 7 would not route traffic back out the interface that it arrived on. One of the implications of this was that in hub and spoke networks the spokes could not communicate with each other.
If you could configure the inside router to run IPSec and to terminate VPNs, you could then have the spokes terminate their VPN on the router and the spokes could communicate with each other. Or if you could get the PIX to forward spoke to spoke traffic to the router, and get the router to forward it back to the PIX it might work (but I am not sure how you could get the PIX to do that).
So I do not believe that there is an easy answer for you as long as you need to keep these PIX.