VPN between 3 PIX's

martin.scott
Level 1

I have 3 PIX's, let's say A, B and C. A's outside is connected to B's inside (internal serial connection) and B's outside is connected to C's outside (via internet). I already have a VPN built between B and C and want to build another between A and C. I can't build it directly as A's internal addressing is not visible from C (across internet). So I am going to build a VPN from A's outside to B's outside as the first hop and then use the existing VPN from B to C. I can't test this first but should it work ok? My concern is that the A-B VPN traverses B's inside to get to the outside (peer) on B, but is that an issue? Once the data is on B it needs to "drop back into the PIX" so that I can then send it on its way again out the other VPN...

1 Reply

drolemc
Level 6

I can't see the problem in treating the setup as two separate tunnels, one between PIX A (out) - PIX B (in) and the other between PIX B (out) - PIX C (out). The configuration on PIX A and PIX C should be pretty straightforward. As far as PIX B is concerned, the configuration should not be a big problem either (if I am not missing something important). A PIX can be configured to terminate multiple IPSec tunnels on multiple interfaces (please see http://www.cisco.com/warp/public/110/40.html).