
New Member

site-to-site vpn and internet control

Central site with PIX and remote sites with IPsec IOS, VPN over internet.

Could I configure a PIX to be both a central VPN peer for many remote sites (via internet) and to be a central controller for the remote sites' central internet access?

In other words, remote sites should encrypt all the traffic to the remote central PIX, which controls internet access.

Thanks

6 REPLIES
New Member

Re: site-to-site vpn and internet control

The PIX is not a router: it cannot route traffic from one interface to the interface itself; the anti-spoofing will not permit it. The solution is to do it with a router with an IPsec IOS firewall.

New Member

Re: site-to-site vpn and internet control

OK, with an IPsec IOS firewall router in the central zone, but as for NAT, how can I translate a private IP from the VPN tunnel to a public internet IP?

Thanks

New Member

Re: site-to-site vpn and internet control

Any idea about private IP address NAT translation from the VPN tunnel to the internet, when the VPN tunnel comes from the internet?

Thanks

New Member

Re: site-to-site vpn and internet control

Sounds like a hub-and-spoke configuration. See:

http://www.cisco.com/warp/public/110/pixhubspoke.html

New Member

Re: site-to-site vpn and internet control

Yes, it's a hub-and-spoke configuration, but in the hub zone we need to allow central internet access for the spoke zone (no split-tunnel in spoke zones).

Thanks

New Member

Re: site-to-site vpn and internet control

I currently have a hub-and-spoke config. Four locations are private frame; twelve locations have high-speed dedicated internet connections. Our servers are at a colo site and remotes are in various locations around the globe. I am using IP/IP tunneling over the internet from remote internet sites to gain access to the colo. Remote sites use NAT for web access but travel over the tunnel for server access. Private frame locations connect to the colo router, and the router passes traffic to local servers or to the PIX if the address isn't on our LAN. I hope this helps.
