Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX 535 and VPN Concentrator 3000 Series

Can you please tell me if PIX 535 supports hairpinning? How do you configure the VPN concentrator using just one (1) interface connecting to PIX 535, instead of using both public and private interfaces connecting parallel to the PIX 535?

Thanks,

Phil

1 REPLY
Gold

Re: PIX 535 and VPN Concentrator 3000 Series

pix v6 doesn't support "hairpinning", but v7 does. hairpinning may not be required as the packets first being handled by the concentrator, the concentrator decrypts the packets then send it to the lan. thus from the pix perspective, it's not the same packet.

if the pix is running out of interface, you may connect the concentrator inside interface directly to the lan.

to filter the vpn traffic, you can apply filter on the concentrator

internet <--> pix e1 inside <--> lan

pix e2 vpn <--> concentrator outside

concentrator inside <--> lan

113
Views
0
Helpful
1
Replies