IOS 7 Spoke to Spoke VPN

Discussion in 'Cisco' started by Dave, Jul 19, 2005.

  1. Dave

    Dave Guest

    Hi folks,

    Before I buy a PIX 515, I wonder if someone can help me answer this
    question?

    I'll have a PIX 515 on my network with public IP on Outside Interface,
    I have customerA that VPNs to this PIX using Cisco VPN Client 4.6, I
    have customerB who does a site-site VPN to my 515. The IOS version will
    be 7.0. I want CustomerA to be able to talk to CustomerB.

    I know that a spoke to spoke configuration can be done with 2 site-site
    VPNs, but can one be done with one a VPN client and the other a
    site-site?

    Here's a link for the 2 site-site VPNs...

    http://www.cisco.com/warp/public/110/enhance-vpn-pix70.pdf

    Cheers
    Dave
     
    Dave, Jul 19, 2005
    #1

  2. Hi Dave,

    You may want to investigate Cisco PIX Security Appliance Release Notes
    Version 7.0(1)

    Virtual Private Networking (VPN) Services

    Enhanced Spoke-to-Spoke VPN Support

    Version 7.0(1) improves support for spoke-to-spoke (and
    client-to-client) VPN communications, by providing the ability for
    encrypted traffic to enter and leave the same interface. Furthermore,
    split-tunnel remote access connections can now be terminated on the
    outside interface for the security appliance, allowing
    Internet-destined traffic from remote access user VPN tunnels to leave
    on the same interface as it arrived (after firewall rules have been
    applied).

    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/70_rn/pix_70rn.htm#wp162358

    The same-security-traffic command permits traffic to enter and exit the
    same interface when used with the intra-interface keyword, enabling
    spoke-to-spoke VPN support. For more information, see the "Permitting
    Intra-Interface Traffic" section in the Cisco Security Appliance
    Command Line Configuration Guide.

    http://www.cisco.com/en/US/products..._guide_chapter09186a0080450beb.html#wp1042114

    Hope this helps.

    Brad Reese
    BradReese.Com Cisco Repair Service Experts
    1293 Hendersonville Road, Suite 17
    Asheville, North Carolina USA 28803
    U.S. Toll Free: 877-549-2680
    International: 828-277-7272
    Website: http://www.bradreese.com/cisco-big-iron-repair.htm
     
    www.BradReese.Com, Jul 19, 2005
    #2

  3. Dave

    Dave Guest

    Cheers Brad,

    It sounds like it would work using the command

    same-security-traffic permit intra-interface

    But would that allow traffic from a VPN client and a Site-Site VPN?

    Would it work if I gave my VPN Clients the same IP Range as my VPN
    Tunnel on the Site-Site?

    Dave
     
    Dave, Jul 20, 2005
    #3
