Cisco Support Community
New Member

All traffic in Vpn

Hi,

I have some VPNs (IPSec) that are deployed between my headquarters and some branch offices through Cisco PIX.

PIX 525 at headquarters and PIX 501 at the branches.

So far, Internet traffic from each branch office was independent (NAT).

Now we have increased bandwidth at headquarters (2Mb > 8 Mb) and I would like to pass all traffic to headquarters through the IPSec tunnel, so that all Internet traffic will also pass through the single router at the main site.

Can I do it?

Can somebody recommend some documents or configuration examples about it?

Best regards

Lorenzo

3 REPLIES
Cisco Employee

Re: All traffic in Vpn

Hi Lorenzo,

First of all, you need to have the PIX 525 on 7.x code for U-turning to work.

You can go through the document that explains a similar scenario for a VPN client:

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

Your setup would be very similar. Let me know if you have some more questions.

*Please rate if helped.

-Kanishka

New Member

Re: All traffic in Vpn

Hi,

Perhaps I didn't explain it so well.

I don't have a VPN client, but I have all my branch networks behind PIX 501.

I want to know if I can also pass Internet traffic through the IPSec tunnel and, if I can, how to do it.

Best regards

Lorenzo

Cisco Employee

Re: All traffic in Vpn

Hi Lorenzo,

I understand you do not have a VPN client, but there's no ready-made config example for what you are trying to do.

To give you a brief idea of what the configuration on PIX 7.x would look like, I sent you the doc.

I will proceed to give you an example of what the config will look like, assuming the PIX 501 n/w is 1.1.1.0/24 and the PIX 525 n/w is 2.2.2.0.

On PIX 501:

The crypto ACL would look like:

access-list cry_acl permit ip 1.1.1.0 255.255.255.0 any

On PIX 525:

same-security-traffic permit intra-interface

The crypto ACL:

access-list cry_acl permit ip any 1.1.1.0 255.255.255.0

The NAT config (to NAT the traffic for the Internet):

nat (outside) 1 1.1.1.0 255.255.255.0

global (outside) 1 interface

Let me know if you have some more questions.

*Please rate if helped.

-Kanishka
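
An added example, not part of the original thread or of Cisco's documentation: the two cry_acl entries in the reply above are mirror images of each other (source and destination swapped), which is how crypto ACLs on two IPsec peers are normally written. The Python below checks that property for plain `ip` entries; the sample lines are constructed from the thread's addresses in netmask form, and the /24 mask on 2.2.2.0 and the "old" branch entry are assumptions.

```python
import ipaddress

def parse_endpoint(tokens):
    """Consume 'any', 'host A' or 'A MASK'; return (network, remaining tokens)."""
    if tokens and tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if len(tokens) >= 2 and tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    if len(tokens) >= 2:
        return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]
    raise ValueError(f"incomplete address spec: {tokens}")

def parse_acl(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST' (no port operators)."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"not an extended ACL entry: {line!r}")
    src, rest = parse_endpoint(t[4:])
    dst, rest = parse_endpoint(rest)
    if rest:
        raise ValueError(f"unsupported trailing tokens {rest} in {line!r}")
    return t[2], t[3], src, dst

def mirror_mismatches(local_lines, peer_lines):
    """Return local entries that have no peer entry with src and dst swapped."""
    peer = {parse_acl(line) for line in peer_lines}
    missing = []
    for line in local_lines:
        action, proto, src, dst = parse_acl(line)
        if (action, proto, dst, src) not in peer:
            missing.append(line)
    return missing

# Constructed sample input based on the addresses used in the thread.
BRANCH_501 = ["access-list cry_acl permit ip 1.1.1.0 255.255.255.0 any"]
HQ_525 = ["access-list cry_acl permit ip any 1.1.1.0 255.255.255.0"]
# Assumed pre-change branch entry that only covers site-to-site traffic.
OLD_BRANCH = ["access-list cry_acl permit ip 1.1.1.0 255.255.255.0 "
              "2.2.2.0 255.255.255.0"]

if __name__ == "__main__":
    print("new branch vs HQ:", mirror_mismatches(BRANCH_501, HQ_525) or "mirrored")
    print("old branch vs HQ:", mirror_mismatches(OLD_BRANCH, HQ_525) or "mirrored")
```

An entry returned by `mirror_mismatches` means one peer was changed to tunnel all traffic while the other still carries the narrower site-to-site entry.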
