• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 369
  • Last Modified:

Using existing site-site vpn to route packet in PIX

I've setup a vpn using PIX from siteA(192.168.1.0) to siteB(192.168.2.0)
and from siteB(192.168.2.0 to siteC(192.168.3.0)
it is possible to for siteA to reach siteC without another VPN just by going through siteB?
how do i configure this in PIX?
0
ryder0707
Asked:
ryder0707
2 Solutions
 
lrmooreCommented:
Only if the PIX at site A is running or is capable of running PIX OS 7.x or above, then you can enable enhanced hub/spoke vpn.

If using PIX 501 or 506's you are out of luck. You can only do a full mesh, which isn't so bad with only 3 sites anyway. It really only gets out of hand when you have a whole bunch of sites to deal with.

0
 
Alan Huseyin KayahanCommented:
  Hello ryder0707,
      In PIX in Site B, you should enable U turn traffic (lets the traffic that enters the interface exit from the same interface). The command is "same-security-traffic permit intra-interface" which is available in 7.x IOS.  If you have a release of PIX (0.e 501) which cant have 7.x IOS, that means you wont be able to achieve what you want.

http://supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_the_hairpinning_feature_on_the_PIX/ASA
Regards
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now