VPN/IPSec L2L - Question?!

jean.l.pierre
Level 1

Hi!

I was recently doing some troubleshooting on a VPN/IPSec Lan-to-Lan connection between a Cisco PIX515E and a Linux firewall. My question is regarding the configuration and not the problem itself.

The interesting traffic (traffic to be encrypted) defined and configured is the local PIX LAN (inside) and the remote public IP?! Which means that the IKE peer and the remote interesting IP/LAN are the same... and it works!!!

Any ideas?

Thanks,

JP

1 Accepted Solution

ajagadee
Cisco Employee

As long as you source the packet from the Pix LAN to the remote Public IP, the tunnel will work fine and is working :-)

So, if you really look at the flow of traffic, you are sourcing the traffic from Pix LAN Destined to Remote Public IP which matches the access-list defined. So, the pix knows that it has to encrypt the traffic and now looks for the crypto endpoints (pix outside IP to remote public IP) and sends the encrypted packets. So, this set up will work fine.

In fact, Pix will not allow telnet to the outside interface of the pix unless the traffic is through an IPSEC Tunnel, and this was one of the setups that gave telnet access to the outside interface of Pix, that is LAN to Public IP of Pix across an IPSEC Tunnel.

Regards,

Arul

** Please rate all helpful posts **
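To make the point in the accepted answer concrete, here is a small Python model of how a crypto map classifies a flow. It is an added example, not configuration or code from the thread or from Cisco, and all addresses (the PIX outside address, the inside LAN, the remote peer) are constructed RFC 5737 / RFC 1918 values. The crypto ACL is matched on the inner packet's source and destination; the IKE peer is then taken from the matching crypto-map entry, so a crypto ACL whose destination is the peer's own public address is a legal and working configuration. The telnet check is a deliberately simplified model of the PIX behaviour Arul describes (telnet to the outside address only when it arrives inside the tunnel), not a reimplementation of PIX code.

```python
"""Toy model of crypto-map classification on a PIX-style firewall.

Added example: illustrates why a crypto ACL "inside LAN -> remote peer
public IP" works even though the remote peer and the ACL destination are
the same address.  All addresses are constructed documentation values.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Tuple, Union


@dataclass(frozen=True)
class CryptoAclEntry:
    """One 'permit ip <src> <dst>' line of the crypto ACL (match address)."""
    src: IPv4Network
    dst: IPv4Network


@dataclass(frozen=True)
class CryptoMapEntry:
    """One crypto map sequence: its match-address ACL and its 'set peer'."""
    acl: Tuple[CryptoAclEntry, ...]
    peer: IPv4Address


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address


@dataclass(frozen=True)
class EspPacket:
    """What leaves the outside interface for interesting traffic."""
    outer_src: IPv4Address  # PIX outside interface address
    outer_dst: IPv4Address  # IKE peer from the crypto-map entry
    inner: Packet           # the original packet, now encrypted payload


def acl_matches(acl: Tuple[CryptoAclEntry, ...], pkt: Packet) -> bool:
    """Step 1: is this flow 'interesting traffic'?  Inner addresses only."""
    return any(pkt.src in e.src and pkt.dst in e.dst for e in acl)


def forward(pix_outside: IPv4Address, crypto_map: List[CryptoMapEntry],
            pkt: Packet) -> Union[EspPacket, Packet]:
    """Return the packet as it leaves the outside interface.

    Step 2: for the first crypto-map entry whose ACL matches, the peer is
    read from that entry; the ACL never has to 'know' the peer address.
    Non-matching traffic is sent in the clear.
    """
    for entry in crypto_map:
        if acl_matches(entry.acl, pkt):
            return EspPacket(outer_src=pix_outside, outer_dst=entry.peer, inner=pkt)
    return pkt


def telnet_to_outside_permitted(pix_outside: IPv4Address, pkt: Packet,
                                arrived_via_ipsec: bool) -> bool:
    """Simplified model of the PIX rule from the answer: management access
    to the outside interface address is accepted only from inside IPsec."""
    return pkt.dst == pix_outside and arrived_via_ipsec


# Constructed topology for the scenario in the thread.
PIX_OUTSIDE = ip_address("192.0.2.1")          # PIX outside interface
REMOTE_PEER = ip_address("203.0.113.5")        # Linux firewall public IP
INSIDE_LAN = ip_network("10.1.1.0/24")         # PIX inside LAN
CRYPTO_MAP = [
    CryptoMapEntry(
        acl=(CryptoAclEntry(INSIDE_LAN, ip_network("203.0.113.5/32")),),
        peer=REMOTE_PEER,
    )
]


def thread_scenario() -> Union[EspPacket, Packet]:
    """Inside host talking to the remote peer's public address."""
    return forward(PIX_OUTSIDE, CRYPTO_MAP, Packet(ip_address("10.1.1.20"), REMOTE_PEER))


def unrelated_scenario() -> Union[EspPacket, Packet]:
    """Inside host talking to some other Internet address: not interesting."""
    return forward(PIX_OUTSIDE, CRYPTO_MAP, Packet(ip_address("10.1.1.20"), ip_address("198.51.100.7")))


if __name__ == "__main__":
    out = thread_scenario()
    print(f"ESP outer {out.outer_src} -> {out.outer_dst}, inner {out.inner.src} -> {out.inner.dst}")
    print("clear-text:", unrelated_scenario())
```

Running it shows the ESP outer destination and the inner destination are the same address, which is exactly the situation the question describes: the ACL decision and the peer lookup are independent steps, so nothing about the configuration is inconsistent.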

