IOS 7 Spoke to Spoke VPN

Discussion in 'Cisco' started by Dave, Jul 19, 2005.

  1. Dave

    Dave Guest

    Hi folks,

    Before I buy a PIX 515, I wonder if someone can help me answer this.

    I'll have a PIX 515 on my network with public IP on Outside Interface,
    I have customerA that VPNs to this PIX using Cisco VPN Client 4.6, I
    have customerB who does a site-site VPN to my 515. The IOS version will
    be 7.0. I want CustomerA to be able to talk to CustomerB.

    I know that a spoke to spoke configuration can be done with 2 site-site
    VPN's but can one be done with one a VPN client and the other a

    here's a link for the 2 site-site VPN's...

    Dave, Jul 19, 2005

  2. Hi Dave,

    You may want to investigate Cisco PIX Security Appliance Release Notes
    Version 7.0(1)

    Virtual Private Networking (VPN) Services

    Enhanced Spoke-to-Spoke VPN Support

    Version 7.0(1) improves support for spoke-to-spoke (and
    client-to-client) VPN communications, by providing the ability for
    encrypted traffic to enter and leave the same interface. Furthermore,
    split-tunnel remote access connections can now be terminated on the
    outside interface for the security appliance, allowing
    Internet-destined traffic from remote access user VPN tunnels to leave
    on the same interface as it arrived (after firewall rules have been

    The same-security-traffic command permits traffic to enter and exit the
    same interface when used with the intra-interface keyword, enabling
    spoke-to-spoke VPN support. For more information, see the "Permitting
    Intra-Interface Traffic" section in the Cisco Security Appliance
    Command Line Configuration Guide.

    Hope this helps.

    Brad Reese
    BradReese.Com Cisco Repair Service Experts
    1293 Hendersonville Road, Suite 17
    Asheville, North Carolina USA 28803
    U.S. Toll Free: 877-549-2680
    International: 828-277-7272
    www.BradReese.Com, Jul 19, 2005

  3. Dave

    Dave Guest

    Cheers Brad,

    It sounds like it would work using the command

    same-security-traffic permit intra-interface

    But would that allow traffic from a VPN client and a Site-Site VPN?

    Would it work if I gave my VPN Clients the same IP Range as my VPN
    Tunnel on the Site-Site?

    Dave, Jul 20, 2005
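
An added example, not part of the original thread or of Cisco's documentation: PIX 7.0 configuration lines for the scenario discussed above, where VPN-client traffic is decrypted on the outside interface and leaves the same interface re-encrypted toward the site-to-site peer. All object names, addresses and the separate, non-overlapping client pool are assumptions, as is an IKE policy, transform set, dynamic crypto map and tunnel keys that are already configured.

```cisco
! Added example. Names (RA_POOL, L2L_CUSTB, RA_SPLIT, OUTSIDE_MAP, RA_CLIENTS)
! and all addresses are constructed placeholders, not values from the thread.
!
! Let decrypted traffic leave through the interface it arrived on (hairpin).
same-security-traffic permit intra-interface
!
! Pool for CustomerA's VPN clients. Assumed distinct from the local LAN
! (10.1.0.0/24) and from CustomerB's LAN (10.2.0.0/24) so that it can be
! matched and routed unambiguously.
ip local pool RA_POOL 192.168.50.1-192.168.50.254 mask 255.255.255.0
!
! Crypto ACL for CustomerB's site-to-site tunnel. The second entry places
! client-pool traffic into that tunnel; CustomerB's device needs the mirror
! entry (10.2.0.0/24 to 192.168.50.0/24) or the return traffic is dropped.
access-list L2L_CUSTB extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list L2L_CUSTB extended permit ip 192.168.50.0 255.255.255.0 10.2.0.0 255.255.255.0
!
! Split-tunnel list pushed to the clients: only CustomerB's subnet is sent
! to the PIX, which keeps the hairpinned path as narrow as the requirement.
access-list RA_SPLIT standard permit 10.2.0.0 255.255.255.0
!
crypto map OUTSIDE_MAP 10 match address L2L_CUSTB
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP interface outside
!
group-policy RA_CLIENTS internal
group-policy RA_CLIENTS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA_SPLIT
!
tunnel-group RA_CLIENTS type ipsec-ra
tunnel-group RA_CLIENTS general-attributes
 address-pool RA_POOL
 default-group-policy RA_CLIENTS
```

With intra-interface traffic permitted, the crypto ACL and the split-tunnel list are what bound which client and site subnets can reach each other, so they should list only the networks that actually need the path.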
