PIX VPN U-Turn

If anyone has done the dreaded PIX VPN U-Turn, please tell me how!

The U-Turn is supposed to allow you to terminate an incoming VPN tunnel on the outside interface, then allow you to turn right back around and establish a lan-to-lan tunnel on the same interface.

I have the 7.01 code.  Please let me know where you can configure that.  I have the lan-to-lan built, and I have the remote vpn built.  Just can't bridge the connections.
CiscotekAsked:

ynchan38Commented:
Set up the ISAKMP policy, crypto map, access list and transform set the same way as for the other IPsec tunnel.
To make the "U-Turn" tunnel, all you need to do is define a tunnel-group of the LAN-to-LAN type matching the peer.  Assuming you are using an IP address and a pre-shared key to identify your peer:
  tunnel-group xx.xx.xx.xx type ipsec-l2l
  tunnel-group xx.xx.xx.xx ipsec-attributes
    pre-shared-key YOURKEY

If you need help on setting up the normal tunnel, please let me know.

Here is the configuration guide
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080450bb6.html
ynchan38Commented:
Also make sure your access-list allows traffic to flow through the two tunnels.

i.e.
                 T1                           T2
Site A --------------> Hub <-----------------Site B

T1 tunnel allows Site A traffic to Site B and T2 tunnel allows Site B traffic to Site A.
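To tie the two answers above together, here is an added example (not from the poster, and not a Cisco-supplied sample) of a PIX 7.0 configuration that lets a remote-access client terminating on "outside" reach Site B through the LAN-to-LAN tunnel on that same interface. Addresses, pool, names and the peer IP are constructed; the pre-shared keys are placeholders; it assumes nat-control is disabled (the 7.0 default), so the hairpinned client traffic needs no NAT rule of its own.

```cisco
! Added PIX 7.0 U-Turn example: remote-access client (pool 192.168.50.0/24) -> outside
! -> decrypt -> re-encrypt into the L2L tunnel to Site B (10.2.0.0/16) on the same interface.

! 1. Without this, the PIX drops any packet that would leave the interface it arrived on.
same-security-traffic permit intra-interface

! 2. ISAKMP on the outside interface; one policy serves both tunnels.
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
crypto ipsec transform-set ESP-AES-SHA esp-aes-256 esp-sha-hmac

! 3. Address pool handed to remote-access clients (constructed range).
ip local pool RA-POOL 192.168.50.1-192.168.50.50

! 4. The "bridge": the L2L crypto ACL must also list the client pool as a source,
!    otherwise decrypted client traffic for Site B never matches the L2L SA.
access-list L2L-SITEB extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list L2L-SITEB extended permit ip 192.168.50.0 255.255.255.0 10.2.0.0 255.255.0.0

! 5. Keep Site A LAN traffic to Site B untranslated so it matches the crypto ACL.
access-list NONAT extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
nat (inside) 0 access-list NONAT

! 6. One crypto map on outside: static entry for the L2L peer, dynamic entry for clients.
crypto dynamic-map RA-DYN 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE-MAP 10 match address L2L-SITEB
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic RA-DYN
crypto map OUTSIDE-MAP interface outside

! 7. Tunnel groups: L2L peer keyed by its IP, remote-access group keyed by name.
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
  pre-shared-key <L2L-PSK-PLACEHOLDER>
access-list RA-SPLIT standard permit 10.2.0.0 255.255.0.0
group-policy RA-POLICY internal
group-policy RA-POLICY attributes
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value RA-SPLIT
tunnel-group RA-GROUP type ipsec-ra
tunnel-group RA-GROUP general-attributes
  address-pool RA-POOL
  default-group-policy RA-POLICY
tunnel-group RA-GROUP ipsec-attributes
  pre-shared-key <RA-PSK-PLACEHOLDER>
```

Site B's crypto ACL has to mirror this (10.2.0.0/16 to both 10.1.0.0/16 and 192.168.50.0/24), or the second SA proposal is rejected; `show crypto ipsec sa` on the hub should then show a separate SA pair for the 192.168.50.0/24 selector once a client sends traffic to Site B.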
CiscotekAuthor Commented:
Can you do that on the PIX 6.3(3) as well?

calvinetterCommented:

The "tunnel-group" command isn't supported on 6.3(4), so it looks like this config isn't supported on anything <7.x.
  (Unless there is a workaround in 6.3 code.)

CiscotekAuthor Commented:
I was just testing because I know it's not available in the 6.3x code.  This is pretty much why 7.0 was developed... to hear Cisco tell it.
CiscotekAuthor Commented:
Admin - Please close question.  No points awarded.

No fix given