Site-to-Site and Remote VPN Question

dwalsh
Level 1

Hello,

Kind of a basic question that I think I already know the answer to, but I'm going to ask it anyway:

We have one main site and two remote locations. The two remote locations currently connect to our site via a VPN over our 506E. It works fine. I want to put one of our sites on a site-to-site VPN so that they don't have to use the client anymore. I've purchased a 501 for them.

I mostly just follow the configs on the CCO page to get things running. Should there be any problems in getting my main PIX to be a termination point for both remote clients and another PIX (i.e. site-to-site)?

Any tips or gotchas would be greatly appreciated. I think there's something about making sure the priority on the policy statement is properly ordered or some such thing (not sure though).

Thanks,

Dave

4 Replies

thisisshanky
Level 11

Dave,

Only catch is that PIX does not support traffic between spokes (in a hub and spoke topology). You have to have full mesh tunnels between the sites. So in case your VPN clients need to reach any users/servers in the remote site 2 (with PIX 501), you will have trouble because you don't have a tunnel established to Site 2.

Usually in a hub and spoke type site to site with a PIX at the head end, you will need full mesh VPN, unless you plan to use a router as the head end. I think there is a workaround coming up on PIX OS 7.0.

Hope that helps!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Thanks very much for your reply. If I could just clarify one thing:

Site 1 and Site 2 will both have a PIX with a VPN tunnel established. Site 3 connects via a remote client (Not actually a site per se. It's just someone's house that uses a VPN client on his PC.).

Are you saying that the user connecting from his house to the pix at Site 1 will not be able to send traffic to a server at Site 2?

If so, is there a way around that?

Thanks,

Dave

The workaround is coming in PIX OS 7 so that end users connecting to 1 can access resources behind 2, assuming the 1-2 site-to-site tunnel.

grant.maynard
Level 4

Should be no problems with this.
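The ordering question from the original post, shown as an added head-end configuration sketch in PIX OS 6.x syntax (not taken from this thread or from Cisco documentation): the static site-to-site entry gets a low sequence number so it is matched first, and the dynamic entry for the VPN clients gets the highest number so it only catches peers no static entry matched. All addresses, ACL names, map names and keys are constructed placeholders.

```cisco
! Head-end PIX 506E, PIX OS 6.x. Constructed example: 10.1.0.0/16 is the main
! site, 10.2.0.0/16 is Site 2 behind the PIX 501 at 203.0.113.2 (placeholder),
! 10.3.0.0/24 is the address pool handed to remote VPN clients.
! Keep tunnel traffic out of NAT
access-list nonat permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list nonat permit ip 10.1.0.0 255.255.0.0 10.3.0.0 255.255.255.0
nat (inside) 0 access-list nonat
! Interesting traffic for the site-to-site tunnel to Site 2
access-list site2 permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
! Let decrypted IPsec traffic bypass the outside interface ACL
sysopt connection permit-ipsec
crypto ipsec transform-set strong esp-3des esp-sha-hmac
! Dynamic map for remote clients whose peer address is not known in advance
crypto dynamic-map dynmap 10 set transform-set strong
! Static entry first (low sequence number) for the fixed peer at Site 2
crypto map vpnmap 10 ipsec-isakmp
crypto map vpnmap 10 match address site2
crypto map vpnmap 10 set peer 203.0.113.2
crypto map vpnmap 10 set transform-set strong
! Dynamic entry last (highest sequence number) so it is evaluated after
! every static entry and never steals the Site 2 peer
crypto map vpnmap 65535 ipsec-isakmp dynamic dynmap
crypto map vpnmap client configuration address initiate
crypto map vpnmap client configuration address respond
crypto map vpnmap interface outside
isakmp enable outside
! Pre-shared key for the Site 2 PIX (placeholder, replace before use)
isakmp key PLACEHOLDER-SITE2-KEY address 203.0.113.2 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
! Remote-client group for the user at Site 3 (tunnel-all, no split tunnel)
ip local pool clientpool 10.3.0.1-10.3.0.50
vpngroup remoteusers address-pool clientpool
vpngroup remoteusers dns-server 10.1.0.10
vpngroup remoteusers default-domain example.com
vpngroup remoteusers idle-time 1800
vpngroup remoteusers password PLACEHOLDER-GROUP-KEY
! Caveat from the thread: on PIX OS 6.x a client landing on this box cannot be
! turned around out the same outside interface into the Site 2 tunnel, so the
! 10.3.0.0/24 pool reaches 10.1.0.0/16 only, not 10.2.0.0/16.
```

Verify the evaluation order with `show crypto map`: the static entry with `set peer 203.0.113.2` should be listed before the `dynamic dynmap` entry.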