[c-nsp] Site to Site VPN with PIX 515E
Jason Lixfeld
jason at lixfeld.ca
Tue Sep 12 23:13:55 EDT 2006
You won't need to do any routing, providing the PIXen are the default
gateways for each respective site.

There is one gotcha. If you are running < 7.0, you will not be able
to access the interfaces directly attached to the PIX. You'll be
able to access the hosts behind the interfaces, but not the
interfaces directly. This is due to a u-turn limitation in < 7.0
that doesn't permit IPSec traffic to exit the same interface it
entered on. Where this becomes annoying is if, say, you want to SNMP
poll PIX B from PIX A's site or vice versa, you won't be able to.

On 12-Sep-06, at 10:28 PM, Dave Lim wrote:
> Hi,
>
> I intend to do a site to site VPN tunnel between 2 sites. For Site A's PIX
> there are only 2 interfaces, 1 inside and 1 outside. But for Site B, I have
> 5 interfaces.
>
> My question is if I were to do a site to site VPN between these 2 sites,
> will Site A be able to access Site B's 4 interfaces? I guess I need to
> reflect the routing statements on Site A's PIX?