1. Home
  2. Cisco Systems
  3. IOS 7 Spoke to Spoke VPN

IOS 7 Spoke to Spoke VPN

Hi folks,

before I buy a PIX 515 I wonder if someone can help me answer this question?

I'll have a PIX 515 on my network with public IP on Outside Interface, I have customerA that VPNs to this PIX using Cisco VPN Client 4.6, I have customerB who does a site-site VPN to my 515. The IOS version will be 7.0. I want CustomerA to be able to talk to CustomerB.

I know that a spoke to spoke configuration can be done with 2 site-site VPN's but can one be done with one a VPN client and the other a site-site?

here's a link for the 2 site-site VPN's...

formatting link
cheers Dave

Reply to
Dave
Loading thread data ...

Hi Dave,

You may want to investigate Cisco PIX Security Appliance Release Notes Version 7.0(1)

Virtual Private Networking (VPN) Services

Enhanced Spoke-to-Spoke VPN Support

Version 7.0(1) improves support for spoke-to-spoke (and client-to-client) VPN communications, by providing the ability for encrypted traffic to enter and leave the same interface. Furthermore, split-tunnel remote access connections can now be terminated on the outside interface for the security appliance, allowing Internet-destined traffic from remote access user VPN tunnels to leave on the same interface as it arrived (after firewall rules have been applied).

formatting link
The same-security-traffic command permits traffic to enter and exit the same interface when used with the intra-interface keyword enabling spoke-to-spoke VPN support. For more information, see the " Permitting Intra-Interface Traffic" section in the in the Cisco Security Appliance Command Line Configuration Guide.

formatting link
Hope this helps.

Brad Reese BradReese.Com Cisco Repair Service Experts

1293 Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 U.S. Toll Free: 877-549-2680 International: 828-277-7272 Website:
formatting link
Reply to
www.BradReese.Com

Cheers Brad,

It sounds like it would work using the command

same-security-traffic permit intra-interface

But would that allow traffic from a VPN client and a Site-Site VPN?

Would it work if I gave my VPN Clients the same IP Range as my VPN Tunnel on the Site-Site?

Dave

Reply to
Dave

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.