Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

routing between vpn segments

Status
Not open for further replies.
mmkcia

mmkcia

IS-IT--Management
Apr 11, 2007
19
0
0
SY
hi all

i have 3 cisco pix firewall 506e configuered as the following

A------vpn------B------vpn------C

this means a connect b with ipsec tunnel and b connect c with ipsec tunnel but there is no link between A&C
1- is there is a way to route between them using B site
not ordinary route (vpn tunnel)
2- is there is some special pix meshing the all peers connecting to it

thanks ,

momustafa m. kaid
ccna
commuim group
iraq
 
Sort by date Sort by votes
You would need to have a vpn from A to C to have that happen with the 506s.
With pix OS7 you can have a hub and spoke topology for the VPN where branches connect to each other through the central ASA/PIX. You would need an ASA or a pix 515e or higher as the hub to accomplish that.




Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
thanks mr brent for answering me
actully i got 18 peer 506e and they r full meshed each pix have vpn tunnel with other 17 but it take 80 % of memory so i am afraid to slow down the traffic if any more peers added
and u know 506e allow me max 25 peer so i need 515 hub and spoke configuration and if u can tell me more about hub and spoke.

thanks alot

moustafa m kaid
ccna
commium group
iraq
 
Upvote 0 Downvote
That link pretty much tells you everything you need to know. You might want to up it to an ASA5520 instead of a 515 for that many concurrent tunnels if they are passing a lot of traffic.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
yes thanks i think about 5510 or 5520 thanks alot
 
Upvote 0 Downvote
yes but i need an example if you have to the config
i dont know the site is not opened




regards,
 
Upvote 0 Downvote
is pix 5510 work on IOS7 (i mean did it support) hub and spoke



Regards,


moustafa m kaid
ccna
commium group
iraq
 
Upvote 0 Downvote
Yes, The ASA devices are the replacements for the PIX appliances. They all run on OS7x code. The old pix 515 and up can be upgraded to that os but do not benefit from the better hardware.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
239
intel233
intel233
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
106
gkittelson
gkittelson
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
297
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
80
WhosYourDiffie
WhosYourDiffie
ITSUPPORTIT
  • Locked
  • Question
VPN from ASA 5510 and RV215W problem
Replies
0
Views
73
ITSUPPORTIT
ITSUPPORTIT

Part and Inventory Search

Sponsor

Back
Top