RE: Can PIX redirect a packet from its outside interface???

From: Walker, Todd (todd.walker@seurat.com)
Date: Sat Mar 15 2003 - 14:38:23 GMT-3


Are you saying BOTH host1 and host2 have IPSec tunnels to PIX? If so, the PIX cannot decrypt and re-encrypt back out the same interface.
 
Look through the Networker's presentations for Enterprise VPN Design - there are a few slides on the issue.
 
If host2 is just on outside interface without IPSec, then you may have a chance. But this PIX limitation may extend to your scenario as well.
 
Todd

        -----Original Message-----
        From: simonkc@netsol.co.in [mailto:simonkc@netsol.co.in]
        Sent: Sat 3/15/2003 1:39 AM
        To: cisco@groupstudy.com; ccielab@groupstudy.com
        Cc:
        Subject: Can PIX redirect a packet from its outside interface???
        
        
        Hi,
        
        This must be an easy one for the PIX experts.
        
        I have a topology as shown below.
        Host1---Router ==========IPSEC Tunnel==========(outside)PIXFirewall(inside)
                                                                        |
                                                                        |
                                                                      Host2
        
        Host1 is trying to ping Host2.
        The packet flow would be
        Host1----Router------PIX-----Host2.
        Is this possible??? Would the PIX forward the packet coming in via the IPSec
        tunnel on the outside interface to the Host2 which is on the LAN attached to
        the outside interface?? Please note that the packet here is not
        transiting the PIX.
        
        
        Cheers
        Simonc


