Network Security Firewalls

RE: Multi IPSEC tunnel between 4 x PIX

Subject: RE: Multi IPSEC tunnel between 4 x PIX
Date: Fri, 18 Mar 2005 11:58:55 +1100

Heya Anthony,

Are you talking about a full-mesh? It certainly is possible, but it's
rather messy to maintain from an administrative perspective. I don't
have a configuration handy (though I would be happy to work through one
with you), but more or less, each firewall will have a tunnel to the
other 3 firewalls (a total of 6 tunnels). Sorry to keep harping on about
PIX OS 7 folks, but it does really have a lot of neat new features for
exactly these types of scenarios. If one of your PIX firewalls is more
like a head office (and there's a good chance of that), then you can
configure Hub and Spoke VPNs in OS 7. That is, there is a single PIX to
which all the other firewalls establish their IPSec tunnel. Sites can
then communicate with each other through the hub site. This is
especially useful because it allows the hub site to control access
between all the other sites.

The other benefit of OS 7 is the ability to configure dynamic routing
on top of the hub and spoke configuration, enabling you to manage your
tunnels more efficiently.

Hope this gives you some insight.

Regards,

Jason Ha [CISSP, CCSE, JNCIS-FWV]
Senior Security Engineer,
Security Operations Centre
VeriSign Australia


-----Original Message-----
From: Geoffron, Anthony [mailto:anthony.geoffron@oberthurusa.com] 
Sent: Thursday, 17 March 2005 12:01 PM
To: firewalls@securityfocus.com
Subject: Multi IPSEC tunnel between 4 x PIX

Has anyone ever done a multi ipsec config between 4 PIX 515?

Each PIX would have an IPSEC tunnel with each other 4 PIX. Any limitation
I should be aware of which would limit the number of tunnels?

Also if anyone did it I would be happy to look into the configuration.

Thanks
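
The two topologies discussed in this thread, modelled as an added example that is not part of either message and is not a PIX configuration: it lists, per firewall, the peers and the protected-traffic selectors each design requires. The site names, subnets, and the choice of `pix-a` as hub are constructed assumptions.

```python
from itertools import combinations

# Constructed sample sites: names and inside subnets are assumptions.
SITES = {
    "pix-a": "10.1.0.0/16",
    "pix-b": "10.2.0.0/16",
    "pix-c": "10.3.0.0/16",
    "pix-d": "10.4.0.0/16",
}

def full_mesh(sites):
    """Each firewall gets one (peer, local_net, remote_net) entry per other site."""
    plan = {name: [] for name in sites}
    for a, b in combinations(sorted(sites), 2):
        plan[a].append((b, sites[a], sites[b]))
        plan[b].append((a, sites[b], sites[a]))
    return plan

def hub_and_spoke(sites, hub):
    """Spokes peer only with the hub, but their traffic selectors must still
    name every other site so spoke-to-spoke traffic enters the hub tunnel."""
    plan = {name: [] for name in sites}
    for spoke in sorted(sites):
        if spoke == hub:
            continue
        for other in sorted(sites):
            if other == spoke:
                continue
            plan[spoke].append((hub, sites[spoke], sites[other]))
            # Mirror entry on the hub: traffic from `other` toward this spoke.
            plan[hub].append((spoke, sites[other], sites[spoke]))
    return plan

def tunnel_count(plan):
    """Number of distinct firewall pairs that share a tunnel."""
    return len({frozenset((fw, peer))
                for fw, entries in plan.items() for peer, _, _ in entries})

def peers(plan):
    """Peers each firewall must be configured with (keys, policies, ACLs)."""
    return {fw: sorted({peer for peer, _, _ in entries})
            for fw, entries in plan.items()}

if __name__ == "__main__":
    for label, plan in (("full mesh", full_mesh(SITES)),
                        ("hub and spoke", hub_and_spoke(SITES, "pix-a"))):
        print(f"{label}: {tunnel_count(plan)} tunnels")
        for fw, entries in plan.items():
            print(f"  {fw}: peers={peers(plan)[fw]} selectors={len(entries)}")
```

In the hub-and-spoke plan every inter-site selector pair appears on the hub, which is the single place where access between sites can be filtered.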