
Hub-Spoke IPSEC

mounir.mohamed
Level 7

Dear All,

I have a central firewall (PIX535) in HQ peering via IPSEC tunnels with 3 other branches. All branches use Cisco 1700 routers with an IOS feature set; currently there is an IPSEC tunnel between each branch and the HQ FW. I need to configure the central FW to do routing between all branches, so if branch x needs to communicate with branch y, it should establish its IPSEC tunnel with HQ, then the HQ uses the incoming traffic to initiate an IPSEC tunnel with y (if idle), then routes the traffic between both branches.

Mainly I need to do Hub-Spoke IPSEC tunnels due to lack of hardware in the remote branch routers.

Is that allowed? If yes, kindly advise.

--

Best Regards,

Mounir Mohamed


attrgautam
Level 5

Use PIX Software ver 7 on the 535 and allow the traffic that comes in through an interface to go out through the same interface.

http://cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml
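A sketch of what this looks like on the hub and on one spoke, added here as an example and not taken from the linked tech note or from anyone's running configuration. All subnets, peer addresses, ACL names and the crypto map name are constructed placeholders; only two of the three branches are shown, and the existing ISAKMP policy, transform set and tunnel settings are assumed to stay as they are.

```text
! ---- Hub: PIX 535 running 7.x (constructed addressing) ----
! HQ LAN    10.0.0.0/24
! Branch X  10.1.0.0/24, peer 192.0.2.10
! Branch Y  10.2.0.0/24, peer 192.0.2.20

! Allow decrypted traffic that arrived on an interface to be
! re-encrypted and sent back out of that same interface
same-security-traffic permit intra-interface

! Tunnel to X must also match traffic sourced from branch Y
access-list CRYPTO_X extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list CRYPTO_X extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0

! Tunnel to Y must also match traffic sourced from branch X
access-list CRYPTO_Y extended permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list CRYPTO_Y extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0

crypto map HUB_MAP 10 match address CRYPTO_X
crypto map HUB_MAP 10 set peer 192.0.2.10
crypto map HUB_MAP 20 match address CRYPTO_Y
crypto map HUB_MAP 20 set peer 192.0.2.20

! ---- Spoke: branch X, Cisco 1700 IOS ----
! The spoke's crypto ACL mirrors the hub's CRYPTO_X entries, so
! traffic for branch Y is sent into the existing tunnel to HQ
ip access-list extended CRYPTO_HQ
 permit ip 10.1.0.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
```

Each spoke's crypto ACL has to be the exact mirror of the hub's ACL for that peer; a branch-to-branch entry present on only one side is the usual reason the spoke-to-spoke path fails while branch-to-HQ traffic keeps working.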

Dear,

Yes,

I found the URL yesterday, thanks :)

Wilson Samuel
Level 7

Hi Munir,

Just to add a short note to your environment, if you are presently using IPSec Direct Encapsulation (traditional IPSec Tunnels), you may encounter issues with respect to Multicasting Applications like Routing Protocols.

If not deployed already, you should consider migration from IPSec Direct Encap to Point to Point GRE over IPSec Tunnels.

Alternatively you may consider implementing a DMVPN also, which can take care of all the issues.

You may like to refer to the following link for additional information:

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a0080739fd3.pdf

HTH,

Kind Regards,

Wilson Samuel
