462 Views, 0 Helpful, 2 Replies

VPN through Pix 515

rok.tisler
Level 1

Hello to the forum, I have one question, please reply if someone knows the answer.

Here is my scenario:

Central location Pix515 (192.168.0.0/24)

Location 1: (192.168.1.0/24)

Location 2: (192.168.2.0/24)

Location 3: (192.168.3.0/24) local pool for vpn clients

IPSEC from 192.168.0.0/24 to 192.168.1.0/24 lan-lan

IPSEC from 192.168.0.0/24 to 192.168.2.0/24 lan-lan

IPSEC from 192.168.0.0/24 to 192.168.3.0/24 ezvpn

Question:

Is it possible to connect Location 1 and Location 2 through the PIX, or Location 1 and Location 3?

On the encryption ACL at each location, traffic destined for the other locations is included in the encryption process.

For example, the Location 1 ACL:

access-list 100 permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0

access-list 100 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list 100 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0

The other locations have similar ACLs.

There is no problem with the locations accessing 192.168.0.0/24, but traffic between locations does not work.

I think that the PIX won't encrypt packets arriving from outside.

I know that this is possible on IOS with IPsec over GRE tunnels and some routing, but on the PIX??

Rok

Accepted Solution

pcomeaux
Cisco Employee

Hi Rok -

Permitting traffic between VPN sites does not currently work with Pix OS 6.3.4 and earlier. Pix 7.0 code, which will be released later this year, will permit traffic between same security level VPN interfaces. This will allow spoke to spoke communication. I configured this last week with Pix 7.0 beta code, so I know it is a new feature and it will work.

IOS does not have this limitation with IPSec. GRE is not required by IOS to make spoke to spoke communication work, though it could be used.

Hopefully this helps you understand what's happening.

Please let us know what follow-up questions you have.

thanks!

peter

PS: please be sure to rate the posts so others will know if we have provided you the information you need!

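The feature Peter describes (letting traffic that arrived decrypted on the outside interface leave again through that same interface) corresponds to a small set of hub-side commands in PIX 7.0. The fragment below is an added example, not part of this thread and not a configuration posted by Rok or Peter. It reuses the subnets from Rok's scenario; the ACL names, crypto map name, transform set, group-policy name and the LOC1-PEER-IP / LOC2-PEER-IP placeholders are assumed, and the syntax follows the released PIX/ASA 7.0 command set rather than the beta code Peter tested. ISAKMP policy, pre-shared keys and the tunnel-group binding for the Easy VPN clients are left out.

```cisco
! Hub PIX 515 (inside 192.168.0.0/24), PIX 7.0 syntax. Added example; names are assumed.

! 1. Allow packets decrypted on the outside interface to be re-encrypted and sent
!    back out the same interface. PIX 6.3 has no equivalent, which is why the
!    spoke-to-spoke traffic in Rok's setup is dropped at the hub.
same-security-traffic permit intra-interface

! 2. Crypto ACLs: each spoke tunnel must also match the other spokes' subnets,
!    otherwise the hub has no SA into which to re-encrypt spoke-to-spoke traffic.
access-list HUB-TO-LOC1 extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list HUB-TO-LOC1 extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list HUB-TO-LOC1 extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list HUB-TO-LOC2 extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list HUB-TO-LOC2 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list HUB-TO-LOC2 extended permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0

! 3. Split-tunnel list for the Easy VPN clients (pool 192.168.3.0/24): the clients
!    must send traffic for the two spoke LANs into the tunnel, not only the hub LAN.
access-list SPLIT-TUNNEL standard permit 192.168.0.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 192.168.1.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 192.168.2.0 255.255.255.0

ip local pool VPN-POOL 192.168.3.1-192.168.3.254 mask 255.255.255.0

group-policy RA-POLICY internal
group-policy RA-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL

! 4. NAT exemption for hub LAN traffic entering any of the tunnels.
access-list NO-NAT extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list NO-NAT extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list NO-NAT extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0
nat (inside) 0 access-list NO-NAT

! 5. Static crypto map entries for the two LAN-to-LAN spokes; the dynamic map for
!    the Easy VPN clients gets the highest sequence number so static peers match first.
!    LOC1-PEER-IP and LOC2-PEER-IP are placeholders for the spokes' public addresses.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map DYN-RA 10 set transform-set ESP-3DES-SHA
crypto map OUTSIDE-MAP 10 match address HUB-TO-LOC1
crypto map OUTSIDE-MAP 10 set peer LOC1-PEER-IP
crypto map OUTSIDE-MAP 10 set transform-set ESP-3DES-SHA
crypto map OUTSIDE-MAP 20 match address HUB-TO-LOC2
crypto map OUTSIDE-MAP 20 set peer LOC2-PEER-IP
crypto map OUTSIDE-MAP 20 set transform-set ESP-3DES-SHA
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-RA
crypto map OUTSIDE-MAP interface outside
```

To check that spoke-to-spoke traffic is actually being hairpinned, ping a Location 2 host from Location 1 and watch `show crypto ipsec sa` on the hub: both the decaps counter of the Location 1 SA and the encaps counter of the Location 2 SA should increase. Two things commonly break this even with the configuration above: the spokes' own crypto ACLs must include the other spoke subnets (as Rok's already do), and decrypted traffic is still evaluated against the outside interface's access-list unless `sysopt connection permit-ipsec` is configured.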

2 Replies


Well, thanks for your answer, it is very helpful.

Can I get the beta software?

Is it maybe possible to get spoke-to-spoke communication with a router/L3 switch facing the inside interface of the PIX?

rok