Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
500
Views
0
Helpful
2
Replies

PIX VPN Hub and Spoke

fembsen
Level 1
Level 1

‎03-28-2006 06:59 AM - edited ‎02-21-2020 02:20 PM

I have a PIX VPN hub and spoke configuration and I want to let the spokes communicate with eachother. In the documentation it says "The two outlying networks are not able to communicate with each other by going through the central PIX because the PIX does not route traffic received on one interface back out the same interface."

Can I use an router on the inside network to work around this limitation? If so, how sould I configure this?

All PIX firewalls are 506's so I cannot use PIX version 7.

Best regards, Frank

Labels:
0 Helpful
2 Replies 2

jackko
Level 7
Level 7

‎03-28-2006 03:30 PM

assuming a router is deployed on each site. a gre tunnel may be configured between the routers over the ipsec between the 506e.

0 Helpful

fembsen
Level 1
Level 1
In response to jackko

‎03-28-2006 11:38 PM

Thanks for the reply but I had something else in mind.

What I want to do is place a router on the inside network of the hub.

I my opinion it should then be possible to direct VPN traffic comming from one spoke to the inside router (using a 'route inside 0 0 ' on the PIX). Next the router on the inside network sends traffic destined for the other spoke back to the PIX and the PIX sends it through a VPN to the other spoke.

Can this work?

0 Helpful
Customers Also Viewed These Support Documents