[c-nsp] Site to Site VPN with PIX 515E
Laurent Geyer
lgeyer at 085zehn.com
Wed Sep 13 01:45:33 EDT 2006
On 9/12/06, Jason Lixfeld <jason at lixfeld.ca> wrote:
>
>
> There is one gotcha. If you are running < 7.0, you will not be able
> to access the interfaces directly attached to the PIX. You'll be
> able to access the hosts behind the interfaces, but not the
> interfaces directly. This is due to a u-turn limitation in < 7.0
> that doesn't permit IPSec traffic to exit the same interface it
> entered on. Where this becomes annoying is if, say you want to SNMP
> poll PIX B from PIX A's site or vice-verse, you won't be able to.
Don't know about any releases < 6.x but with version 6.x you can define a
management interface that will allow you to access the inside interface of
Pix B from sute A and vice versa.
- Laurent
More information about the cisco-nsp
mailing list