PIX VPN routing question

PCHoldmann · October 2005

Does ayone know about routing VPN trafic with PIX firewalls? I administer a 6 location network set up hub & spoke, all locations can comunicate with the mian location, and vice versa, but not with each other. I want to be able to route traffic from a remote to a remote through the main (we don't do enough of this to make it worth while making a fulll mesh). I have tried using RIP and OSPF, but they do not seem to be talking to each other. If I set up static routes, what interface do I use, Inside or Outside? Routing is a little funky on those thinks.

TIA,

Peter

darkuser · October 2005

site-to-site ipsec vpn must have symetric access-lists.
I'm assming you didn't set this up.
you'll have to evaluate the goals of the person who set it up, what you want now.
pull the configs of all the devices and decide how you need to change them to achieve what you'd like.

EverythingPCowner · October 2005

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/config/sit2site.htm#28859

Perhaps this will help

PCHoldmann · November 2005

Thanks for the link, but what I am trying to do is is more like:

SiteA is connected to SiteB, SiteB is connected to SiteC. SiteA cannot comunicate with SiteC routing through SiteB.

In this case a link between SiteA and SiteC would solve the problem, but I am also dealing with SiteD, SiteE, and SiteF, a lot of conections to configure and monitor, and a real headache if we add any more.

I read somewhere that what I want to do is only possible with PIX OS 7. Any one know for sure?

Thanks in Advance

garv221 · November 2005

Paste your config. I have a PIX 506 with a 4 PIX 501s connecting to it. Everyone can communicate with each other. Do you have your "outside_cryptomap" command set corectly allowing access to the different subnets? Also you can have problems if your IP address from your off site locations are the same, just checking, let me know.

PIX VPN routing question

Comments