<div>Dear JJ,</div>
<div>&nbsp;</div>
<div>Thanks, but the document talking about PIX/ASA 7.x, my FW running 6.3 OS is the feature supported on 6.3?</div>
<div>i'm searching about intra interface communication on 6.3, but it's seems to be not found, any advice?</div>
<div>&nbsp;</div>
<div>Best Regards,</div>
<div>Mounir Mohamed<br>&nbsp;</div>
<div><span class="gmail_quote">On 12/12/06, <b class="gmail_sendername">Joseph Jackson</b> &lt;<a href="mailto:JJackson@aninetworks.com">JJackson@aninetworks.com</a>&gt; wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Mounir,<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; On the HQ pix you will have to configure intra interface<br>communication so that the pix will forward packets out of the same
<br>interface it recivied the packet on.&nbsp;&nbsp;You will also of course need to<br>configure the remote routers to send traffic for the other sites over<br>the ipsec tunnel.<br><br>Here is a doc from cisco.<br><br><a href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807">
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807</a><br>34db7.shtml<br><br><br>-----Original Message-----<br>From: <a href="mailto:cisco-nsp-bounces@puck.nether.net">cisco-nsp-bounces@puck.nether.net
</a><br>[mailto:<a href="mailto:cisco-nsp-bounces@puck.nether.net">cisco-nsp-bounces@puck.nether.net</a>] On Behalf Of Mounir Mohamed<br>Sent: Monday, December 11, 2006 3:08 PM<br>To: cisco-nas; <a href="mailto:cisco-nsp@puck.nether.net">
cisco-nsp@puck.nether.net</a><br>Subject: [c-nsp] Hub-Spoke IPSEC tunnels<br><br>Dear All,<br><br>I have centeral Firewall (PIX535) in HQ peering via IPSEC tunnles with<br>other<br>3 branches, all branches using Cisco 1700 with IOS feature set currently
<br>there is IPSEC tunnel between each branch and HQ FW, i need to configure<br>the<br>centeral FW to doing routing between all branches, so if branch x need<br>to<br>communicate with branch y it should establish it's IPSEC with HQ, then
<br>the<br>HQ using the incoming traffic to initiate IPSEC tunnel with y (if idel)<br>then<br>routed the traffic between both branches.<br><br>Mainly i need to do Hub-Spoke IPSEC tunnels due to lack of hardware in<br>the<br>
remote branches routers.<br>Is that allowed, If yes kindly advice.<br><br>--<br>Best Reagrds,<br>Mounir Mohamed<br>_______________________________________________<br>cisco-nsp mailing list&nbsp;&nbsp;<a href="mailto:cisco-nsp@puck.nether.net">
cisco-nsp@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-nsp">https://puck.nether.net/mailman/listinfo/cisco-nsp</a><br>archive at <a href="http://puck.nether.net/pipermail/cisco-nsp/">http://puck.nether.net/pipermail/cisco-nsp/
</a><br></blockquote></div><br><br clear="all"><br>-- <br>Best Reagrds,<br>Mounir Mohamed