Mailing List Archive

Re: [c-nsp] Hub-Spoke IPSEC tunnels
Dear JJ,

Thanks, but the document is talking about PIX/ASA 7.x; my FW is running the
6.3 OS. Is the feature supported on 6.3?
I'm searching for intra-interface communication on 6.3, but it seems not to
be found. Any advice?

Best Regards,
Mounir Mohamed

On 12/12/06, Joseph Jackson <JJackson@aninetworks.com> wrote:
>
> Mounir,
>
> On the HQ pix you will have to configure intra interface
> communication so that the pix will forward packets out of the same
> interface it received the packet on. You will also of course need to
> configure the remote routers to send traffic for the other sites over
> the ipsec tunnel.
>
> Here is a doc from cisco.
>
> http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml
>
>
> -----Original Message-----
> From: cisco-nsp-bounces@puck.nether.net
> [mailto:cisco-nsp-bounces@puck.nether.net] On Behalf Of Mounir Mohamed
> Sent: Monday, December 11, 2006 3:08 PM
> To: cisco-nas; cisco-nsp@puck.nether.net
> Subject: [c-nsp] Hub-Spoke IPSEC tunnels
>
> Dear All,
>
> I have a central firewall (PIX535) in HQ peering via IPSEC tunnels with 3
> other branches. All branches are using Cisco 1700 with IOS feature set.
> Currently there is an IPSEC tunnel between each branch and the HQ FW. I need
> to configure the central FW to do routing between all branches, so if
> branch x needs to communicate with branch y it should establish its IPSEC
> tunnel with HQ, then the HQ uses the incoming traffic to initiate an IPSEC
> tunnel with y (if idle), then routes the traffic between both branches.
>
> Mainly I need to do Hub-Spoke IPSEC tunnels due to lack of hardware in the
> remote branches' routers.
> Is that allowed? If yes, kindly advise.
>
> --
> Best Regards,
> Mounir Mohamed
>



--
Best Regards,
Mounir Mohamed
Re: [c-nsp] Hub-Spoke IPSEC tunnels
Thanks, it's time to move to the 7 OS :)

On 12/12/06, Joseph Jackson <JJackson@aninetworks.com> wrote:
>
> It is not supported on pix 6.x. You will have to run 7.x on the HQ pix
> only.
>
>
> ------------------------------
>
> *From:* Mounir Mohamed [mailto:mounir.mohamed@gmail.com]
> *Sent:* Monday, December 11, 2006 4:00 PM
> *To:* Joseph Jackson
> *Cc:* cisco-nas; cisco-nsp@puck.nether.net
> *Subject:* Re: [c-nsp] Hub-Spoke IPSEC tunnels
>
>
> Dear JJ,
>
> Thanks, but the document is talking about PIX/ASA 7.x; my FW is running the
> 6.3 OS. Is the feature supported on 6.3?
>
> I'm searching for intra-interface communication on 6.3, but it seems not to
> be found. Any advice?
>
> Best Regards,
> Mounir Mohamed
>



--
Best Regards,
Mounir Mohamed
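
Added example (not part of the original thread, and not Cisco configuration): a small Python model of the three conditions the replies describe for branch-to-branch traffic through the HQ firewall. The subnets, site names and the audit/covers/hq_only/hairpin helpers are all constructed for illustration, and the model assumes the usual rule that the crypto ACLs on the two ends of a tunnel mirror each other.

```python
from ipaddress import ip_network as net

# Constructed sample topology (RFC 1918 ranges; none of this is from the thread).
SITES = {"hq": net("10.0.0.0/24"), "x": net("10.1.0.0/24"), "y": net("10.2.0.0/24")}
SPOKES = ("x", "y")

def covers(acl, src, dst):
    """True if some (src, dst) crypto-ACL entry contains both networks."""
    return any(src.subnet_of(s) and dst.subnet_of(d) for s, d in acl)

def audit(spoke_acls, hub_acls, intra_interface):
    """List the reasons spoke-to-spoke traffic through the hub would fail."""
    problems = []
    if not intra_interface:
        # What the thread says PIX 6.x cannot do: forward a packet back out
        # of the interface it arrived on.
        problems.append("hub: intra-interface forwarding is off")
    for a in SPOKES:
        for b in SPOKES:
            if a == b:
                continue
            # Spoke a must select traffic for b's LAN for encryption to the hub.
            if not covers(spoke_acls[a], SITES[a], SITES[b]):
                problems.append(f"spoke {a}: traffic to {b} is not sent over the tunnel")
            # The hub's ACL for its tunnel to a must mirror that entry.
            if not covers(hub_acls[a], SITES[b], SITES[a]):
                problems.append(f"hub: tunnel to {a} does not carry traffic from {b}")
    return problems

def hq_only():
    """Starting point in the thread: each branch has a tunnel to HQ only."""
    spoke = {s: [(SITES[s], SITES["hq"])] for s in SPOKES}
    hub = {s: [(SITES["hq"], SITES[s])] for s in SPOKES}
    return spoke, hub

def hairpin():
    """Same tunnels, with each branch's ACLs extended to the other branch."""
    spoke, hub = hq_only()
    for a, b in (("x", "y"), ("y", "x")):
        spoke[a].append((SITES[a], SITES[b]))
        hub[a].append((SITES[b], SITES[a]))
    return spoke, hub

if __name__ == "__main__":
    for label, acls, flag in (("HQ-only ACLs, 6.x hub", hq_only(), False),
                              ("extended ACLs, 6.x hub", hairpin(), False),
                              ("extended ACLs, 7.x hub", hairpin(), True)):
        print(label, "->", audit(*acls, flag) or "ok")
```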