zeusindc

PIX-PIX-ASA Mesh Topology

We have a SITE A with PIX 525 [10.1.1.x; 10.1.2.x & 10.1.3.x] and SITE B with an ASA [10.1.4.x]. There is an L2L tunnel between the two and it works fine.
Now I have to add another SITE C with a PIX 525 [10.1.5.x & 10.1.6.x].
I would like to create a VPN tunnel in a mesh topology such that all of them can see each other as an extended LAN.

So do I just need to create a VPN tunnel from my SITE C to SITE A and from SITE C to SITE B? Will that work?

Thanks
Tomas Valenta

Hi,
It could be enough to create only tunnel A-C and correctly set up routing policies.
zeusindc

ASKER

I thought you cannot route traffic with PIX...
Like, the traffic coming from the SITE C to SITE A tunnel will not be able to use the tunnel from SITE A to SITE B.

Basically I won't be able to go from SITE A [10.1.5.x or 10.1.6.x] to SITE C [10.1.4.x] using the IPSEC tunnel route SITE C--->SITE A---> SITE B

Is that correct?
In the configuration of the tunnel you specify directions (policy routing) for which traffic is directed to the tunnel. In the C router there must be: site A and also site B, and the same config in site B (route to A and C). In firewall configurations (depends on vendor) you must additionally specify filter rules: allow packets from C to flow to B and vice versa.
For a true mesh, yes you would create tunnels from C->A and from C->B. (tunnels must be configured from both sides/both directions)

This way if any one site goes down, the other two sites will still be able to reach each other.
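
The full-mesh layout from the answer above, worked through as an added example that is not part of the thread: it lists the tunnels a three-site mesh needs, builds the local-to-remote traffic selectors each firewall must match per peer, and checks that every selector has a mirror image on the other side ("configured from both sides"). The /24 masks and all function names are assumptions; the thread only gives the subnets as 10.1.1.x and so on.

```python
from ipaddress import ip_network
from itertools import combinations, product

# Subnets from the thread; the /24 masks are an assumption.
SITES = {
    "A": ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"],
    "B": ["10.1.4.0/24"],
    "C": ["10.1.5.0/24", "10.1.6.0/24"],
}

def full_mesh_tunnels(sites):
    """One L2L tunnel per unordered pair of sites: n*(n-1)/2 in total."""
    return list(combinations(sorted(sites), 2))

def selectors(sites, local, remote):
    """(local subnet, remote subnet) pairs that `local` must match
    as interesting traffic for its tunnel to `remote`."""
    return [(ip_network(l), ip_network(r))
            for l, r in product(sites[local], sites[remote])]

def build_policy(sites):
    """Per-site, per-peer selector lists for a full mesh."""
    return {s: {p: selectors(sites, s, p) for p in sites if p != s}
            for s in sites}

def mirror_errors(policy):
    """Describe every selector whose reverse is missing on the peer.
    Mismatched selectors are a common reason a tunnel only comes up
    (or only passes traffic) in one direction."""
    errors = []
    for site, peers in policy.items():
        for peer, sels in peers.items():
            back = set(policy.get(peer, {}).get(site, []))
            for src, dst in sels:
                if (dst, src) not in back:
                    errors.append(
                        f"{site}->{peer}: {src} -> {dst} has no mirror on {peer}")
    return errors

if __name__ == "__main__":
    policy = build_policy(SITES)
    for a, b in full_mesh_tunnels(SITES):
        print(f"tunnel {a}<->{b}: {len(policy[a][b])} selector(s) per side")
    print(mirror_errors(policy) or "all selectors mirrored")
```
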
Mkielar:
When you say both directions... isn't a tunnel both directions anyway?

MESH topology would mean if the tunnel between A-C goes down, A should be able to go to C via B? But I don't think you can do that with PIX.

Tominov:
Vendor is Cisco (PIX)... how do you create a policy route on PIX?
ASKER CERTIFIED SOLUTION
mkielar