[c-nsp] Hub-Spoke IPSEC tunnels

Mounir Mohamed mounir.mohamed at gmail.com
Mon Dec 11 19:01:44 EST 2006


Thanks, it's time to move to 7 OS :)

On 12/12/06, Joseph Jackson <JJackson at aninetworks.com> wrote:
>
>  It is not supported on pix 6.x.  You will have to run 7.x on the HQ pix
> only.
>
>
>  ------------------------------
>
> *From:* Mounir Mohamed [mailto:mounir.mohamed at gmail.com]
> *Sent:* Monday, December 11, 2006 4:00 PM
> *To:* Joseph Jackson
> *Cc:* cisco-nas; cisco-nsp at puck.nether.net
> *Subject:* Re: [c-nsp] Hub-Spoke IPSEC tunnels
>
>
>
> Dear JJ,
>
>
>
> Thanks, but the document is talking about PIX/ASA 7.x; my FW is running
> 6.3 OS. Is the feature supported on 6.3?
>
> I'm searching for intra interface communication on 6.3, but it seems
> not to be found. Any advice?
>
>
>
> Best Regards,
>
> Mounir Mohamed
>
>
> On 12/12/06, *Joseph Jackson* <JJackson at aninetworks.com> wrote:
>
> Mounir,
>
>        On the HQ pix you will have to configure intra interface
> communication so that the pix will forward packets out of the same
> interface it received the packet on.  You will also of course need to
> configure the remote routers to send traffic for the other sites over
> the ipsec tunnel.
>
> Here is a doc from cisco.
>
> http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mounir Mohamed
> Sent: Monday, December 11, 2006 3:08 PM
> To: cisco-nas; cisco-nsp at puck.nether.net
> Subject: [c-nsp] Hub-Spoke IPSEC tunnels
>
> Dear All,
>
> I have a central firewall (PIX535) in HQ peering via IPSEC tunnels with
> 3 other branches, all branches using Cisco 1700 with IOS feature set.
> Currently there is an IPSEC tunnel between each branch and the HQ FW. I
> need to configure the central FW to do routing between all branches, so
> if branch x needs to communicate with branch y it should establish its
> IPSEC with HQ, then the HQ uses the incoming traffic to initiate an
> IPSEC tunnel with y (if idle), then routes the traffic between both
> branches.
>
> Mainly I need to do Hub-Spoke IPSEC tunnels due to lack of hardware in
> the remote branches' routers.
> Is that allowed? If yes, kindly advise.
>
> --
> Best Regards,
> Mounir Mohamed
> _______________________________________________
> cisco-nsp mailing list   cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
>
> --
> Best Regards,
> Mounir Mohamed
>



-- 
Best Regards,
Mounir Mohamed
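
An added configuration sketch, not part of the original thread, of the hub-and-spoke arrangement discussed above: intra-interface forwarding on the HQ PIX running 7.x, plus crypto ACLs on hub and spoke that cover branch-to-branch traffic. All subnets, ACL names and crypto map names are constructed placeholders, and it assumes the IKE policy, transform set, peers and pre-shared keys of the existing branch-to-HQ tunnels are already in place.

```text
! ---- HQ PIX (7.x) -- names and addresses below are constructed examples ----
! Constructed addressing: HQ 10.0.0.0/24, branch X 10.1.0.0/24, branch Y 10.2.0.0/24
!
! Allow traffic that arrives on an interface (here: decrypted from one
! tunnel on "outside") to leave through the same interface (re-encrypted
! into another tunnel). Not available on PIX 6.x.
same-security-traffic permit intra-interface
!
! Crypto ACL for the tunnel to branch X: HQ -> X, plus Y -> X relayed via HQ.
access-list CRYPTO-TO-X extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list CRYPTO-TO-X extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
!
! Crypto ACL for the tunnel to branch Y: HQ -> Y, plus X -> Y relayed via HQ.
access-list CRYPTO-TO-Y extended permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list CRYPTO-TO-Y extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
!
! Attach the ACLs to the existing per-branch crypto map entries
! (map name and sequence numbers are assumptions).
crypto map OUTSIDE-MAP 10 match address CRYPTO-TO-X
crypto map OUTSIDE-MAP 20 match address CRYPTO-TO-Y
!
! ---- Branch X router (IOS) -- must mirror the hub's CRYPTO-TO-X ----
! Send both HQ-bound and branch-Y-bound traffic into the tunnel to HQ.
ip access-list extended CRYPTO-TO-HQ
 permit ip 10.1.0.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
!
! Branch Y mirrors this with its own subnet as source; a third branch
! adds one more line per ACL in the same pattern.
! Keep each crypto ACL limited to the subnets that actually need to talk:
! every permit line here is traffic the hub will relay between branches.
```

The hub and spoke crypto ACLs have to be exact mirrors of each other, otherwise the IPsec security associations for the branch-to-branch subnets will not negotiate.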

