Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN 3005 Concentrator and inter vpn routing

Here's the gist of it:

We require to have a VPN cloud (Internet based) for 5 sites plus 50 or so remote users.

The head office is where all the termination for the VPN is going to take place.

Each remote site wants to be able to communicate with each other.

Thes sites will initialy be coming thru headoffice.

The question is - PIX will not send back data over the the same interface but a eg 3005 concentrator seems to be able to hold a routing table.

Can I get away with one PIX and concentrator at head office and just PIXs at remote sites or do I need to spec concentrators at all sites?

The sample configs on Cisco seem to indicate that concentrators are required at all sites to create a meshed network.

But is there a cheaper way?



Cisco Employee

Re: VPN 3005 Concentrator and inter vpn routing

You can have a 3000 and a PIX at the head end, use the 3000 for all your VPN termination from the remote sites, and use the PIX for your outgoing Internet connectivity. You can stick the 3000 and the PIX in parallel, or put the 3000 off a DMZ of the PIX if you like.

The PIX's at the remote sites would build there VPN tunnels to the 3000 at the head end, and the 3000 will be able to re-route packets back out to a different remote site. The only trick is that your network lists in the 3000 and the remote PIX's have to be written correctly to ensure that traffic for each remote site is included.

CreatePlease to create content