[c-nsp] PIX OS 7.0 and PIX520, supported?
Brian Feeny
signal at shreve.net
Wed Jan 26 10:25:17 EST 2005
On Jan 26, 2005, at 3:33 AM, Chris Cappuccio wrote:
> You mean forwarding a packet back out the same interface it was
> received on?
No I don't. I mean, terminating tunnelA to the PIX, and then terminating tunnelB
to the PIX, and then allowing A and B to talk. This is what VPN Concentrators
can do, that PIX's can't (well, one thing anyways). It's very useful
in some situations.
>
> Nope, ok, you have to buy a ROUTER for that. It ROUTES packets, see.
> (Never mind the dynamic or static route options that the PIX provides,
> it's just a firewall, for christ's sake!) So, go ahead and buy a Cisco(R)
> ROUTER to put in front of your PIX.
Seriously, you don't have to break it down :) "Hairpinning" when talking about
VPNs has a different meaning. Although even "hairpinning" of VPNs does
require routing.
>
> Perhaps you could ask the engineers to spend the hundreds or thousands of hours
> it would require to implement this extensive feature on to the existing
> software. It might be a complicated endeavor, rivaled by the engineering
> of the rock-solid 2800 series, or perhaps even the Space Shuttle, but I bet
> they can get it done.
>
Turns out Hairpinning IS supported in 7.0 (Hairpinning of VPN tunnels), just
like I had a hunch it would.
> While I'm at it, I'm going to send you a bill for the time I took to write
> this, and I have a forty hour minimum. No, four hundred hours...Yeah,
> that's the ticket... Four hundred hour minimum...
?
Brian
>
> Brian Feeny [signal at shreve.net] wrote:
>>
>> Does anyone know if Cisco will support the 520 with PIX OS 7.0?
>>
>> Anyone know if 7.0 is going to support hairpinning of VPN tunnels?
>>
>> Brian
>>
>> ----------------------------------------------------------------------------
>> Brian Feeny, CCIE #8036, CISSP e: signal at shreve.net
>> Network Engineer p: 318.213.4709
>> ShreveNet Inc. f: 318.221.6612
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> --
> The past cannot be changed. The future cannot be guaranteed.