Cisco Support Community

Using internet access only through the HQ via site-to-site VPN

Hi,

We're using site-to-site between two PIXes and working just fine.

But what we're currently trying is to make all traffic from the branch PIX go through the HQ PIX, not only VPN traffic, so that we could monitor it with a Websense device.

I've tried several configurations on both PIXes, but it didn't work.

When the internet traffic goes through s2s vpn, it should come to HQ pix via its outside interface and forward it to outside again.

My guess is that PIX doesn't support this kinda flow.

Even if it could forward to outside interface, the source ip address of the branch should be NATed before it goes to internet.

Has anybody come across this issue before?

This looks like a kinda typical topology if the customer wants to monitor all traffic from the branches.

Thanks,

1 REPLY
Gold

Re: Using internet access only through the HQ via site-to-site V

This is not possible using PIX 6.3. PIX 6.3 does not route traffic received on one interface back out the same interface. It's possible with PIX 7.0.

M.

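An added configuration sketch, not part of either post and not Cisco's own example, of the hairpin setup the reply says PIX 7.0 makes possible, including the outside NAT the question asks about. All addresses (10.1.1.0/24 for HQ inside, 10.2.2.0/24 for branch inside), ACL names and the crypto map name and sequence number are constructed placeholders, and the rest of the tunnel (ISAKMP policy, transform set, peer) is assumed to be working already, as the original poster states.

```cisco
! ---------- HQ PIX (7.0) ----------
! Let traffic that arrives on an interface leave by the same interface.
! Without this, decrypted branch traffic cannot be sent back out "outside".
same-security-traffic permit intra-interface
!
! Crypto ACL: anything destined to the branch LAN is tunnelled.
! It must mirror the branch ACL below (source and destination swapped).
access-list HQ-TO-BRANCH extended permit ip any 10.2.2.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address HQ-TO-BRANCH
!
! PAT the branch LAN to the HQ outside address when it heads to the internet.
! The source network is matched on "outside" because that is where the
! decrypted branch packets enter the HQ unit.
nat (outside) 1 10.2.2.0 255.255.255.0
global (outside) 1 interface
!
! HQ LAN <-> branch LAN traffic stays untranslated.
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
! ---------- Branch PIX ----------
! Crypto ACL: all traffic from the branch LAN goes into the tunnel,
! not only traffic for the HQ LAN.
access-list BRANCH-TO-HQ permit ip 10.2.2.0 255.255.255.0 any
crypto map OUTSIDE-MAP 10 match address BRANCH-TO-HQ
!
! Do not NAT at the branch; translation happens once, at HQ.
access-list NONAT permit ip 10.2.2.0 255.255.255.0 any
nat (inside) 0 access-list NONAT
```

On the HQ unit, `show crypto ipsec sa` should list the `any` to branch-LAN proxy identities, and `show xlate` should show branch hosts translated to the outside interface address once they browse.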