02-25-2002 08:09 AM - edited 02-21-2020 11:37 AM
Central site with PIX and remote sites with IPsec IOS, VPN over internet.
Could I configure a PIX to be both a central VPN peer for many remote sites (via internet) and a central controller for the remote sites' central internet access?
In other words, remote sites should encrypt all the traffic to the remote central PIX, which controls internet access.
Thanks
02-25-2002 09:10 AM
The PIX is not a router: it cannot route traffic from one interface to the interface itself; the anti-spoofing will not permit it. The solution is to do it with a router with an IPSec IOS firewall.
02-26-2002 02:45 AM
OK, with an IPsec IOS firewall router in the central zone, but as for NAT, how can I translate private IPs from the VPN tunnel to a public internet IP?
Thanks
03-05-2002 05:35 AM
Any idea about private IP address NAT translation from the VPN tunnel to the internet, when the VPN tunnel comes from the internet?
thanks
02-25-2002 11:54 AM
Sounds like a hub-and-spoke configuration. See,
02-26-2002 03:46 AM
Yes, it's a hub-and-spoke configuration, but in the hub zone we need to allow central internet access for the spoke zones (no split-tunnel in spoke zones).
Thanks
03-05-2002 04:13 PM
I currently have a hub-and-spoke config. Four locations are private frame; twelve locations have high-speed dedicated internet connections. Our servers are at a colo site and remotes are in various locations around the globe. I am using IP/IP tunneling over the internet from remote internet sites to gain access to the colo. Remote sites use NAT for web access but travel over the tunnel for server access. Private frame locations connect to the colo router, and the router passes traffic to local servers or to the PIX if the address isn't on our LAN. I hope this helps.