[c-nsp] Hub-Spoke IPSEC tunnels

Joseph Jackson JJackson at aninetworks.com
Mon Dec 11 19:00:30 EST 2006


It is not supported on pix 6.x.  You will have to run 7.x on the HQ pix
only. 

 

________________________________

From: Mounir Mohamed [mailto:mounir.mohamed at gmail.com] 
Sent: Monday, December 11, 2006 4:00 PM
To: Joseph Jackson
Cc: cisco-nas; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Hub-Spoke IPSEC tunnels

 

Dear JJ,

 

Thanks, but the document is talking about PIX/ASA 7.x, and my FW is running
6.3 OS. Is the feature supported on 6.3?

I'm searching for intra interface communication on 6.3, but it seems
not to be found. Any advice?

 

Best Regards,

Mounir Mohamed
 

On 12/12/06, Joseph Jackson <JJackson at aninetworks.com> wrote: 

Mounir,

       On the HQ pix you will have to configure intra interface
communication so that the pix will forward packets out of the same
interface it received the packet on.  You will also of course need to
configure the remote routers to send traffic for the other sites over
the ipsec tunnel.

Here is a doc from cisco.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net 
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mounir Mohamed
Sent: Monday, December 11, 2006 3:08 PM
To: cisco-nas; cisco-nsp at puck.nether.net
Subject: [c-nsp] Hub-Spoke IPSEC tunnels

Dear All,

I have a central firewall (PIX535) in HQ peering via IPSEC tunnels with
3 other branches, all branches using Cisco 1700 with IOS feature set.
Currently there is an IPSEC tunnel between each branch and the HQ FW. I
need to configure the central FW to do routing between all branches, so
if branch x needs to communicate with branch y it should establish its
IPSEC with HQ, then the HQ uses the incoming traffic to initiate an IPSEC
tunnel with y (if idle), then routes the traffic between both branches.

Mainly I need to do Hub-Spoke IPSEC tunnels due to lack of hardware in
the remote branch routers.
Is that allowed? If yes, kindly advise.

--
Best Regards,
Mounir Mohamed
_______________________________________________
cisco-nsp mailing list   cisco-nsp at puck.nether.net
<mailto:cisco-nsp at puck.nether.net> 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/ 




-- 
Best Regards,
Mounir Mohamed 
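
Added example, not part of the thread or of the linked Cisco document: a sketch of the two pieces named in the reply above, intra-interface forwarding on the HQ PIX (7.x) and spoke crypto ACLs that also cover the other branch. All addresses, ACL names and crypto map names are constructed placeholders; ISAKMP policies, pre-shared keys and the transform sets are assumed to be configured already.

```cisco
! --- HQ PIX, 7.x ---------------------------------------------------
! Constructed addressing: HQ LAN 10.0.0.0/24, branch X 10.1.0.0/24,
! branch Y 10.2.0.0/24, branch peers 192.0.2.1 (X) and 192.0.2.2 (Y).
!
! Let traffic enter and leave on the same interface (the outside
! interface that terminates both tunnels).
same-security-traffic permit intra-interface
!
! Tunnel to branch X carries traffic from HQ and from branch Y.
access-list CRYPTO_X extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list CRYPTO_X extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
! Tunnel to branch Y carries traffic from HQ and from branch X.
access-list CRYPTO_Y extended permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list CRYPTO_Y extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
!
crypto map HUB_MAP 10 match address CRYPTO_X
crypto map HUB_MAP 10 set peer 192.0.2.1
crypto map HUB_MAP 10 set transform-set HUB_TS
crypto map HUB_MAP 20 match address CRYPTO_Y
crypto map HUB_MAP 20 set peer 192.0.2.2
crypto map HUB_MAP 20 set transform-set HUB_TS
crypto map HUB_MAP interface outside
!
! --- Branch X router, IOS ------------------------------------------
! Mirror of CRYPTO_X; HQ peer 198.51.100.1 is a constructed address.
! The second entry sends branch Y traffic over the existing HQ tunnel.
ip access-list extended TO_HQ
 permit ip 10.1.0.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
!
crypto map SPOKE_MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set SPOKE_TS
 match address TO_HQ
```

Each spoke's crypto ACL has to be the exact mirror of the hub's ACL for that spoke; if the branch-to-branch entry is missing on either side, the IPsec SA for those networks will not negotiate.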


