Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
263
Views
0
Helpful
1
Replies

Site-to-Stie VPNs with PIX

kennethchew
Level 1
Level 1

‎10-08-2003 10:15 PM - edited ‎02-20-2020 11:02 PM

Hi,

I've a central PIX which is connected to 2 remote sites via 2 site-to-sites IPSec tunnels. Both these 2 tunnels are terminated on the same outside interface on my central PIX.

Is it possible for me to configure the 2 remote sites to talk to each other without configuring a separate IPSec tunnel between them?

Regards

0 Helpful
1 Reply 1

mostiguy
Level 6
Level 6

‎10-09-2003 03:10 AM

Not with PIX, which doesn't allow packets to leave an interface they came in on. If PIX A and C each have a tunnel to B, for A to talk to C through those existing tunnels, A would send the packet to B's outside interface (assuming all the crypto map commans are enabled on the outside interface), then B would have to send it out the outside interface which is just came in on = not going to happen.

Even if it did work, it would just add more latency and network utilization (because everything from a to c would have to travel in and out of B), so it would be worth avoiding

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card