remote sites communications in PIX topology

Hi, all,

My company has some remote sites and a central office; they form site-to-site VPN tunnels to the central office in a Hub-and-Spoke topology.

A PIX515E 7.2 is set up in the central office, while the remote offices have only PIX506E 6.3. How do I configure the PIXes to let all the PIX506Es communicate with one another through the PIX515E?

Thanks so much for your kind help.

bensonlei

While I haven't done this, you'd have to allow the 515E to send traffic back out the same interface it arrived on. Then you'd also need to create static routes to the spoke sites through the outside interface.

IMHO, I wouldn't use a PIX for this, though. It's better to put a router behind the Hub PIX and let it do the routing (also called U-turn) in this case. That way the Hub site receives Spoke traffic, forwards it to the router, where it is packet switched and then returned to the Hub PIX and encrypted/sent to the correct Spoke site. I'd let the PIX be a firewall/VPN server, and use a router to do the routing. Much more scalable.

response3
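
A configuration sketch of the first approach in the reply above (the hub PIX sending spoke traffic back out the interface it arrived on), added here as an example and not taken from either poster. All addresses, ACL names and crypto map names are constructed; it assumes two spokes, that the ISAKMP policies, pre-shared keys and transform sets of the existing hub-to-spoke tunnels are already in place, and that the crypto maps are already applied to the outside interfaces.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   Hub     LAN 10.0.0.0/24   outside 192.0.2.1     (PIX515E, 7.2)
!   Spoke A LAN 10.1.1.0/24   outside 198.51.100.1  (PIX506E, 6.3)
!   Spoke B LAN 10.1.2.0/24   outside 203.0.113.1   (PIX506E, 6.3)

! ---------- Hub PIX515E (7.2) ----------
! Allow traffic to leave through the same interface it entered on,
! so decrypted spoke traffic can be re-encrypted toward another spoke.
same-security-traffic permit intra-interface

! Crypto ACL toward spoke A: hub LAN plus spoke B's LAN as sources.
access-list VPN-SPOKE-A extended permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list VPN-SPOKE-A extended permit ip 10.1.2.0 255.255.255.0 10.1.1.0 255.255.255.0

! Crypto ACL toward spoke B: hub LAN plus spoke A's LAN as sources.
access-list VPN-SPOKE-B extended permit ip 10.0.0.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list VPN-SPOKE-B extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0

crypto map HUBMAP 10 match address VPN-SPOKE-A
crypto map HUBMAP 10 set peer 198.51.100.1
crypto map HUBMAP 20 match address VPN-SPOKE-B
crypto map HUBMAP 20 set peer 203.0.113.1

! ---------- Spoke A PIX506E (6.3) ----------
! Interesting traffic now covers the hub LAN and spoke B's LAN;
! both are sent to the hub peer, never directly to spoke B.
access-list VPN-HUB permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list VPN-HUB permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0

! Exempt the same flows from NAT so they match the crypto ACL.
access-list NONAT permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list NONAT permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
nat (inside) 0 access-list NONAT

crypto map SPOKEMAP 10 ipsec-isakmp
crypto map SPOKEMAP 10 match address VPN-HUB
crypto map SPOKEMAP 10 set peer 192.0.2.1

! Spoke B mirrors spoke A with 10.1.1.0 and 10.1.2.0 swapped.
```

The crypto ACLs on each side must mirror each other exactly, and they are also what bounds which spoke subnets can reach one another, so list specific subnets rather than broad ranges.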
