Re: PIX routing problem

study_voip · ‎04-25-2005

Hi,

ask one question,

here is my diagram,

R1-------PIX------R2

R1 and R2 are Cisco IOS routers

R1 has two IPs, 1.1.1.1/24 192.168.1.1/24

R2 has two IPs, 2.2.2.2/24 192.168.2.2/24

PIX has two IPs,3.3.3.3/24 192.168.3.3/24

now, create VPN tunnel between R1 and PIX, R2 and PIX, please note, no VPN tunnel between R1 and R2

so is there any way let 192.168.1.1/24 communicate with 192.168.2.2/24 directly?

Thanks for any input

thisisshanky · ‎04-25-2005

I have not dealt much with pix OS 7.0, but with previous OS (6.x) this is not possible. 7.0 is supposed to fix this problem of communications between IPSEC tunnels. TO upgrade to PIX 7.0 you will need atleast 64 MB of ram on restricted license and 128 MB of ram on unrestricted license pix's.

Also pix 520, 501, 506 are not supported at this time.

HTH

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

study_voip · ‎04-26-2005

thanks for your input.

if I use one Cisco IOS router instead of PIX, it works, any reason that PIX did not ?

Thanks

thisisshanky · ‎04-26-2005

PIX is a firewall, and hence does not behave the same way as a router, for security reasons. It does not allow packets that came in through one interface, out through the same interface. Hence it will not support communication b/n tunnels that terminate on the same interface (say outside). This behaviour has changed since 7.0

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus