how to set routing inside vpn tunnel (PIX)

Posted by domino on October 3, 2007, 8:05 pm
Hello,
I've the following problem:


remote site1----central------remote site2

The remote locations are connected with VPN to the central location.
Now I need to set up communication between site1 and site2, but it must be
realized inside the existing VPN tunnel (using ),
in other words, how to make the central device route packets from site1 to
site2 and reversely?


site1--- pix 506 (10.6.0.0/24)
site2 --pix 506 (10.100.0.0/24)
central-- pix 515 (10.0.0.0/16)


Dominik



Posted by response3 on October 3, 2007, 8:19 pm
> Hello,
> I've the following problem:
>
> remote site1----central------remote site2
>
> The remote locations are connected with VPN to the central location.
> Now I need to set up communication between site1 and site2, but it must be
> realized inside the existing VPN tunnel (using ),
> in other words, how to make the central device route packets from site1 to
> site2 and reversely?
>
> site1--- pix 506 (10.6.0.0/24)
> site2 --pix 506 (10.100.0.0/24)
> central-- pix 515 (10.0.0.0/16)
>
> Dominik

The PIX itself can't do this, as it does not allow traffic from the
same interface it was received on to be sent back out that same
interface. The newer OS PIX 7.1 may have a fix for this, but I'm not
sure. You may have to send that traffic back to a router at the
central site and send it back to the PIX. The other option is to use
an IOS router and use route-maps and a loopback to get around this.

Brian


Posted by on October 4, 2007, 1:01 pm
On Oct 3, 2007 17:19 (-0700) response3 wrote:

:> remote site1----central------remote site2
:>
:
:The PIX itself can't do this, as it does not allow traffic from the
:same interface it was received on to be sent back out that same
:

From the diagram it does not look like he wants to pass traffic back on
the same interface.

static and ACL commands can make the PIX transparent as much as you
configure it to be.

regards
Adam

Posted by domino on October 4, 2007, 4:59 pm

>
> static and acl commands can make the pix transparent as much as you
> configure it to be.
>
> regards
> Adam


Hmmm,
I didn't think about it.
Today the remote locations are connected via the same interface, but
I have one interface free in my central PIX, so is there anything against
connecting that interface to the same subnet as the used outside interface, giving
it an IP number (I have free IP numbers too), setting appropriate routing and
reconfiguring one of the VPN tunnels to use the additional interface? How
about this idea?
Regards,
Dominik



Posted by Frank Winkler on October 5, 2007, 3:39 am
domino wrote:

> I have one interface free in my central PIX, so is there anything against
> connecting that interface to the same subnet as the used outside interface, giving

Yes, the PIX won't allow this. It doesn't like two interfaces in the same
network.

But as Brian said, PIX 7 and above is able to use one and the same
interface for incoming and outgoing traffic.

Regards

        fw
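For the PIX 7.x route that Brian and Frank point to, here is an added hub-side configuration sketch; it is not from the thread, it assumes the existing ISAKMP policy and pre-shared keys are already in place, and the interface names, peer addresses (documentation ranges) and ACL/crypto-map names are invented:

```cisco
! Central PIX 515 running PIX 7.x (assumed). Only the parts relevant to
! spoke-to-spoke hairpinning are shown; the remaining tunnel config is assumed.
interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.0.0

! PIX 7.0+: allow traffic that arrived on "outside" to leave via "outside" again.
! This is what the 6.x PIX in the thread cannot do.
same-security-traffic permit intra-interface

! Crypto ACLs: each spoke tunnel also carries the OTHER spoke's subnet, so
! site1<->site2 packets are decrypted from one tunnel and re-encrypted into the other.
access-list TO-SITE1 extended permit ip 10.0.0.0 255.255.0.0 10.6.0.0 255.255.255.0
access-list TO-SITE1 extended permit ip 10.100.0.0 255.255.255.0 10.6.0.0 255.255.255.0
access-list TO-SITE2 extended permit ip 10.0.0.0 255.255.0.0 10.100.0.0 255.255.255.0
access-list TO-SITE2 extended permit ip 10.6.0.0 255.255.255.0 10.100.0.0 255.255.255.0

! NAT exemption: hub<->spoke traffic enters on "inside", hairpinned
! spoke<->spoke traffic enters on "outside", so both need a nat 0 entry.
access-list NONAT-INSIDE extended permit ip 10.0.0.0 255.255.0.0 10.6.0.0 255.255.255.0
access-list NONAT-INSIDE extended permit ip 10.0.0.0 255.255.0.0 10.100.0.0 255.255.255.0
access-list NONAT-OUTSIDE extended permit ip 10.6.0.0 255.255.255.0 10.100.0.0 255.255.255.0
access-list NONAT-OUTSIDE extended permit ip 10.100.0.0 255.255.255.0 10.6.0.0 255.255.255.0
nat (inside) 0 access-list NONAT-INSIDE
nat (outside) 0 access-list NONAT-OUTSIDE

! One crypto map, one entry per spoke (peer addresses are assumed).
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTMAP 10 match address TO-SITE1
crypto map OUTMAP 10 set peer 198.51.100.6
crypto map OUTMAP 10 set transform-set ESP-AES-SHA
crypto map OUTMAP 20 match address TO-SITE2
crypto map OUTMAP 20 set peer 198.51.100.100
crypto map OUTMAP 20 set transform-set ESP-AES-SHA
crypto map OUTMAP interface outside
isakmp enable outside
```

Each spoke's crypto ACL must mirror the hub's (site1's PIX 506 would list 10.6.0.0/24 to both 10.0.0.0/16 and 10.100.0.0/24 toward the hub's peer address), otherwise the SA for the spoke-to-spoke pair never negotiates. Because the intra-interface permit applies to everything arriving on "outside", keep the crypto ACLs and nat 0 entries limited to the exact subnet pairs that are meant to reach each other through the hub.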

