I dont quite understand your question or the senario. If you want to enable traffic between Host 1 and Host 2 and Host2 is connected to the PIX OutSide Interace LAN, then why you need IPSEC tunnel between Router and PIX. If you looking in to security point of view then either move host 2 behind the PIX or Create VPN tunnel between router and Host 2 etc. I dont know what OS you are running on Host 2 but most of the Server OS supports VPN tunneling.
-- Curious MCSE, CCNP wrote in message news:[EMAIL PROTECTED] > The IPSec tunnel is between the Router and the PIX. Only Host1's traffic is > encrypted upto the PIX . Host2 is on the LAN attached to the PIX's outside > interface. > > Cheers > > Simon > > > -----Original Message----- > From: Walker, Todd [mailto:[EMAIL PROTECTED] > Sent: Saturday, March 15, 2003 11:08 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: Can PIX redirect a packet from its outside interface??? > > > > Are you saying BOTH host1 and host2 have IPSec tunnels to PIX? If so, the > PIX cannot decrypt and re-encrypt back out the same interface. > > Look through the Networker's presentations for Enterprise VPN Design - there > are a few slides on the issue. > > If host2 is just on outside interface without IPSec, then you may have a > chance. But this PIX limitation may extend to your scenario as well. > > Todd > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Sat 3/15/2003 1:39 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Cc: > Subject: Can PIX redirect a packet from its outside interface??? > > > Hi, > > This must be an easy one for the PIX experts. > > I have a topoloy as shown below. > Host1---Router ==========IPSEC Tunnel==========(outside)PIXFirewall(inside) > | > | > > Host2 > > Host1 is trying to ping Host2. > The packet flow would be > Host1----Router------PIX-----Host2. > Is this possible??? Would the PIX forward the packet coming in via the IPSEc > tunnel on the outside interface to the Host2 which is on the LAN attached to > the outside interface.?? Please note that the packet here is not > transitting the PIX. > > > Cheers > Simonc Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65599&t=65570 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
