01-31-2006 05:54 PM - edited 02-21-2020 12:41 AM
I have a Netscreen-to-PIX VPN connection. The PIX acts as a hub to other VPN devices. I need to have hosts behind the Netscreen connect to hosts behind a third device. I have attached a jpg file to illustrate the topology. All VPNs are up and working fine; I just need to add this functionality. Any help would be greatly appreciated.
Thanks in advance
L. Mace
02-02-2006 06:33 PM
Luckymace,
You're probably going to have a much easier time setting up a VPN between the concentrator and the Netscreen than redirecting the traffic down another tunnel. Besides, why load up your pipe with traffic at the PIX if it doesn't need to traverse there?
Patrick
02-03-2006 08:31 AM
Yes, that was my first thought. However, the Concentrator is in a very secure location and will not allow my company to have multiple entry points.
Thanks
03-30-2006 10:37 AM
Hi,
Have you checked the document on:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801c4445.shtml
It contains lots of useful information for your case...
Regards,
03-31-2006 01:42 AM
Hi Guys,
I think I know what you are trying to achieve: being able to talk between spokes using a PIX as the hub.
This is not possible as far as I know because of the way the PIX works (you cannot do hairpin routing on it): traffic cannot go back out the interface it came in through.
Please check this document and read the introduction.
You will have to use fully meshed IPsec, at least as far as PIX 6.3.x.
This limitation is not valid when using a router or a VPN concentrator. (You may want to use those for this solution.)
Please rate if it helps.
03-31-2006 05:51 AM
I have 7.02 on my PIX and I think the concentrator has the newest IOS on it. I'll give this a try when I get a chance.
Thanks