[fw-wiz] PIX in multiple IPsec roles




Is there a plausible way to convince a PIX to pass through an
IPsec tunnel to another device while simultaneously being an
endpoint for a different tunnel?

I have sites A, B, and C. Each has a PIX515E with tunnels to the
other two sites.

Now a vendor wants to establish a tunnel to a device inside
PIX A. I seem to be lacking the right keywords to search for
this.

-dsr-


--
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
You can't defend freedom by getting rid of it.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


