New Member

routing VPN traffic through PIX from Netscreen device

I have a Netscreen to PIX VPN connection. The PIX acts as a hub to other VPN devices. I need to have hosts behind the Netscreen connect to hosts behind a third device. I have attached a jpg file to illustrate the topology. All VPNs are up and working fine; I need to add this functionality. Any help would be greatly appreciated.

Thanks in advance

L. Mace

5 REPLIES

Re: routing VPN traffic through PIX from Netscreen device

Luckymace,

You're probably going to have a much easier time setting up a VPN between the concentrator and the Netscreen than redirecting the traffic down another tunnel. Besides, why load up your pipe with traffic at the PIX if it doesn't need to traverse there?

Patrick

New Member

Re: routing VPN traffic through PIX from Netscreen device

Yes, that was my first thought. However, the Concentrator is in a very secure location and will not allow my company to have multiple entry points.

Thanks

Bronze

Re: routing VPN traffic through PIX from Netscreen device

Hi,

Have you checked the document on:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801c4445.shtml

It contains lots of useful information for your case...

Regards,

New Member

Re: routing VPN traffic through PIX from Netscreen device

Hi Guys,

I think I know what you are trying to achieve: being able to talk between spokes using a PIX as the hub.

This is not possible as far as I know because of the way the PIX works (you cannot do hairpin routing on it): traffic cannot go back out the interface it came through.

Please check this document and read the introduction.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080093bd3.shtml

You will have to use fully meshed IPSec, at least as far as PIX 6.3.x.

This limitation is not valid when using a router or a VPN concentrator. (You may want to use those for this solution.)

Please rate if it helps.

New Member

Re: routing VPN traffic through PIX from Netscreen device

I have 7.02 on my PIX and I think the concentrator has the newest IOS on it. I'll give this a try when I get a chance.

Thanks
