
Hub & Spoke with VPN Client

mplant
Level 1

Hi,

Customer has a Cisco837 (Site A) and a PIX 501 (Site B), working perfectly in a site-to-site VPN. A remote access VPN is configured on (B), but because of the PIX routing limitations, they of course can't access site (A).

Has anyone had any success with a configuration similar to http://www.cisco.com/warp/public/707/ios_hub_spoke2.html , using a VPN client as a spoke, the router (A) as the "hub" and the PIX (B) as the other spoke?

I've conf'd a test config, and while the hub router (A) tries to pass the traffic, the PIX doesn't seem to want to know about it.

3 Replies

a-vazquez
Level 6


Hi:

I do not think you are going to get this to work since the PIX is not going to route the VPN packets back out the interface (Outside in this case) it originally received the packets on.

Depending on what your customer wants to do, why not set up a host on the network behind the PIX that they can Terminal Services into, or ssh into, and then from that host, access the resources on the network behind the Cisco837? Good luck.

The idea is to use the PIX as the end point, not the central hub. I'm aware of the PIX's limitations in this regard.