Hairpin/U-Turn on PIX VPN Connections

I have a PIX 515e at HQ and 3 PIX 501e at remote Office Locations.

I can get from each remote location to the HQ just fine.

It would be nice to be able to get from each remote site to the others via HQ. I've heard this called hairpinning or U-turning.

So I want to go from Remote Site 1-> HQ -> Remote Site 2

The remote sites are on DHCP, so I can't set up a VPN between them.

I'm using IPSec with Preshared Keys.

Thanks,

Scooter133

My understanding is that the PIX does not under any circumstances route packets back out of the receiving interface. (At least up to 6.x)

I suppose you could in principle somehow send the traffic inside and have another router turn it round with loads of wild and weird NAT. Maybe a PIX wizard will be along in a minute? Sadly the one we had seems to have absconded. This is sad since he was properly good.

bod43

pix(config)# same-security-traffic permit intra-interface

Lutz Donnerhacke

Plus, of course, the addition of the proper lines in the crypto ACLs and NAT exemption ACLs for the remote devices. But the above command is not present in release 6.x; if this is the case, a firmware and memory upgrade for the HQ device is needed. Bye, Tosh.

Tosh
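To make the three pieces Tosh lists concrete, here is an added configuration example (not from any poster, and not a vendor-supplied config) for the spoke-to-spoke-via-hub setup the thread asks about. It assumes the HQ PIX 515E has been upgraded to PIX OS 7.x, HQ inside is 10.0.0.0/24, Remote 1 is 10.1.0.0/24, Remote 2 is 10.2.0.0/24, and the remotes (dynamic addresses) terminate on a dynamic crypto map at HQ; all names and addresses are constructed for illustration.

```cisco
! ---- HQ PIX 515E (assumed PIX OS 7.x; the command below does not exist in 6.x) ----
! Allow traffic to re-enter and leave through the same (outside) interface.
same-security-traffic permit intra-interface

! NAT exemption for decrypted spoke traffic that must reach the other spoke unchanged.
! Assumption: the hairpinned flow is seen as arriving on 'outside', so it is exempted there.
access-list NONAT_OUTSIDE extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list NONAT_OUTSIDE extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
nat (outside) 0 access-list NONAT_OUTSIDE

! NAT exemption for the existing HQ-to-spoke traffic (already needed for the plain site-to-site tunnels).
access-list NONAT_INSIDE extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list NONAT_INSIDE extended permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list NONAT_INSIDE

! Dynamic crypto map: HQ accepts the proxy identities each spoke proposes, so the
! spoke-to-spoke selectors below are learned from the spokes rather than listed here.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map DYN 10 set transform-set ESP-3DES-SHA
crypto map VPN 65535 ipsec-isakmp dynamic DYN
crypto map VPN interface outside
! Decrypted IPsec traffic bypasses the interface ACLs.
sysopt connection permit-ipsec

! ---- Remote 1 PIX 501 (PIX OS 6.x syntax); Remote 2 mirrors this with 10.1.0.0/24 and 10.2.0.0/24 swapped ----
! Crypto ACL: encrypt traffic to HQ AND to the other spoke, so the HQ hub sees a selector
! covering 10.1.0.0/24 <-> 10.2.0.0/24 and can hairpin it into Remote 2's tunnel.
access-list VPN permit ip 10.1.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list VPN permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list VPN
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map VPN 10 ipsec-isakmp
crypto map VPN 10 match address VPN
crypto map VPN 10 set peer HQ_PUBLIC_IP_PLACEHOLDER
crypto map VPN 10 set transform-set ESP-3DES-SHA
crypto map VPN interface outside
sysopt connection permit-ipsec
```

Both spoke tunnels must be up for the hairpin to work, and the HQ-side `nat (outside) 0` exemption is what keeps the decrypted spoke traffic from being translated before it is re-encrypted toward the second spoke; verify with `show crypto ipsec sa` that SAs exist for the 10.1.0.0/24 to 10.2.0.0/24 selector on both spokes.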

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.