Posted by on July 23, 2007, 5:43 am
Hi, all,

My company has some remote sites and a central office; they are
forming site-to-site VPN tunnels to the central office in a
Hub-and-Spoke topology.

A PIX515E 7.2 is set up in the central office while the other remote
offices have only PIX506E 6.3. How do I configure the PIXes in order to
let all PIX506Es communicate with one another through the PIX515E?

Thanks so much for your kind help
Posted by response3 on July 24, 2007, 2:11 pm
On Jul 23, 2:43 am, benson...@yahoo.com.hk wrote:
> Hi, all,
>
> My company has some remote sites and a central office; they are
> forming site-to-site VPN tunnels to the central office in a
> Hub-and-Spoke topology.
>
> A PIX515E 7.2 is set up in the central office while the other remote
> offices have only PIX506E 6.3. How do I configure the PIXes in order to
> let all PIX506Es communicate with one another through the PIX515E?
>
> Thanks so much for your kind help

While I haven't done this, you'd have to allow the 515E to send
traffic back out the same interface it arrived on. Then you'd also
need to create static routes to the spoke sites through the outside
interface.

IMHO, I wouldn't use a PIX for this, though. It's better to put a
router behind the Hub PIX and let it do the routing (also called
U-turn) in this case. That way the Hub site receives Spoke traffic,
forwards it to the router, where it is packet switched and then
returned to the Hub PIX and encrypted/sent to the correct Spoke
site. I'd let the PIX be a firewall/VPN server, and use a router to
do the routing. Much more scalable.
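
A configuration sketch of the first approach in the reply above (hairpinning on the hub PIX), added here as an example and not posted by either participant. All subnets, peer addresses, ACL names and crypto map names are constructed; the crypto map `VPN`, ISAKMP policy and transform sets are assumed to exist already. The crypto ACLs are what authorize spoke-to-spoke traffic, so each spoke entry must have an exact mirror on the hub.

```text
! Constructed addressing (assumptions, not from the thread):
!   hub LAN     10.0.0.0/24   hub outside  192.0.2.1
!   spoke A LAN 10.1.1.0/24   spoke A peer 198.51.100.10
!   spoke B LAN 10.1.2.0/24   spoke B peer 203.0.113.20

! ---- Hub PIX 515E (7.2) ----
! Let traffic leave the same interface it arrived on (outside -> outside)
same-security-traffic permit intra-interface
! Tunnel to spoke A carries the hub LAN and spoke B's LAN
access-list TO_SPOKE_A extended permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list TO_SPOKE_A extended permit ip 10.1.2.0 255.255.255.0 10.1.1.0 255.255.255.0
! Tunnel to spoke B carries the hub LAN and spoke A's LAN
access-list TO_SPOKE_B extended permit ip 10.0.0.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list TO_SPOKE_B extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
crypto map VPN 10 match address TO_SPOKE_A
crypto map VPN 10 set peer 198.51.100.10
crypto map VPN 20 match address TO_SPOKE_B
crypto map VPN 20 set peer 203.0.113.20

! ---- Spoke A PIX 506E (6.3) ----
! Interesting traffic: mirror image of TO_SPOKE_A on the hub
access-list TO_HUB permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list TO_HUB permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
! Exempt the same flows from NAT so they match the crypto ACL
access-list NONAT permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list NONAT permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
nat (inside) 0 access-list NONAT
crypto map VPN 10 match address TO_HUB
crypto map VPN 10 set peer 192.0.2.1

! ---- Spoke B PIX 506E (6.3) ----
! Same pattern with the spoke A and spoke B subnets swapped
access-list TO_HUB permit ip 10.1.2.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list TO_HUB permit ip 10.1.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list NONAT permit ip 10.1.2.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list NONAT permit ip 10.1.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list NONAT
crypto map VPN 10 match address TO_HUB
crypto map VPN 10 set peer 192.0.2.1
```

Keeping the ACL entries to the specific spoke subnets, and not a broad summary range, limits which remote networks can reach each other through the hub.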