
routing VPN traffic through PIX from Netscreen device

luckymace
Level 1

I have a Netscreen-to-PIX VPN connection. The PIX acts as a hub to other VPN devices. I need to have hosts behind the Netscreen connect to hosts behind a third device. I have attached a jpg file to illustrate the topology. All VPNs are up and working fine; I need to add this functionality. Any help would be greatly appreciated.

Thanks in advance

L. Mace

5 Replies

Patrick Laidlaw
Level 4

Luckymace,

You're probably going to have a much easier time setting up a VPN between the concentrator and the Netscreen than redirecting the traffic down another tunnel. Besides, why load up your pipe with traffic at the PIX if it doesn't need to traverse there?

Patrick

Yes, that was my first thought. However, the Concentrator is in a very secure location and will not allow my company to have multiple entry points.

Thanks

Hi,

Have you checked the document on:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801c4445.shtml

It contains lots of useful information for your case...

Regards,

Hi Guys,

I think I know what you are trying to achieve: being able to talk between spokes using a PIX as a hub.

This is not possible as far as I know because of the way the PIX works (you cannot do hairpin routing on it): traffic cannot go back out the interface it came through.

Please check this document and read the introduction.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080093bd3.shtml

You will have to use fully meshed IPSec, at least as far as PIX 6.3.x.

This limitation is not valid when using a router or a VPN concentrator. (You may want to use those for this solution.)

Please rate if it helps.

I have 7.02 on my PIX and I think the concentrator has the newest IOS on it. I'll give this a try when I get a chance.

Thanks
