I currently have a main site with a 2600 series router passing all traffic to a pix 501. That Pix has previously established site to site vpns configured and working to two remote sites, each with a 1750 and a pix 501. What I need to know is if there is a way to get the two remote sites to talk to each other via site to site vpn.
Each remote site has IP phones that connect to the main site Shoretel Server (I know, I am trying to get them to migrate to cisco! :) ) and can access resources on the main site LAN. However, no matter what routes/tunnel config I try to add to all pix's/routers, I am unable to get remote site to call remote site.
Can this be done or is there a limitation on separate site to site vpns in the pix's? They are running ver 6.3 if I remember correctly.
All answers/suggestions appreciated. Thanks in advance.
Are you trying to get the remote sites to talk to each other via the main site?
If so you cannot get this to work with a pix version 6.3 as you need to be able to send the traffic back out the interface it came in on. You can do this with pix version 7.x but unfortunately the pix 501 cannot be upgraded to v7.x.
If this is the problem you could:
1) Purchase an ASA or pix 515E or better with v7.x.
2) You could use the 2600 to terminate the VPNs as the traffic can go back out the same interface it came in on, although you may well need to upgrade to a security version of the IOS. Also this would put more overhead on the router.
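A sketch of option 1 from the answer above, as an added example that is not part of the original thread: on a 7.x hub, traffic is allowed back out the interface it arrived on, and each tunnel's crypto ACL is widened to cover the other remote subnet. All subnets (main 10.0.0.0/24, site A 10.1.0.0/24, site B 10.2.0.0/24), ACL names and crypto map names are constructed assumptions.

```cisco
! --- Hub: PIX/ASA running 7.x (constructed addressing and names) ---
! Permit traffic to exit the same interface it entered on (spoke -> hub -> spoke)
same-security-traffic permit intra-interface

! Tunnel to site A: main LAN plus site B's subnet as sources
access-list VPN_TO_A extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list VPN_TO_A extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0

! Tunnel to site B: main LAN plus site A's subnet as sources
access-list VPN_TO_B extended permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN_TO_B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0

crypto map OUTSIDE_MAP 10 match address VPN_TO_A
crypto map OUTSIDE_MAP 20 match address VPN_TO_B

! --- Spoke A: PIX 501 on 6.3 (site B mirrors this with subnets swapped) ---
! Send traffic for both the main LAN and site B into the existing hub tunnel
access-list VPN_TO_HUB permit ip 10.1.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list VPN_TO_HUB permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0

! Exempt the same flows from NAT so they match the crypto ACL unchanged
access-list NONAT permit ip 10.1.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list NONAT permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list NONAT

crypto map VPN_MAP 10 match address VPN_TO_HUB
```

The crypto ACL on each spoke has to mirror the hub's ACL for that tunnel; if the two ends disagree on the protected subnets, the IPsec SA for the spoke-to-spoke flow will not come up.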