[c-nsp] Site to Site VPN with PIX 515E

Laurent Geyer lgeyer at 085zehn.com
Wed Sep 13 01:45:33 EDT 2006


On 9/12/06, Jason Lixfeld <jason at lixfeld.ca> wrote:
>
>
> There is one gotcha.  If you are running < 7.0, you will not be able
> to access the interfaces directly attached to the PIX.  You'll be
> able to access the hosts behind the interfaces, but not the
> interfaces directly.  This is due to a u-turn limitation in < 7.0
> that doesn't permit IPSec traffic to exit the same interface it
> entered on.  Where this becomes annoying is if, say, you want to SNMP
> poll PIX B from PIX A's site or vice versa, you won't be able to.


Don't know about any releases < 6.x but with version 6.x you can define a
management interface that will allow you to access the inside interface of
PIX B from site A and vice versa.

- Laurent

