RE: [fw-wiz] PIX to Router IPSec

From: Shirley, David (David.Shirley_at_team.telstra.com)
Date: 06/09/04

    To: <ghideon@ghideon.com>, <firewall-wizards@honor.icsalabs.com>
    Date: Wed, 9 Jun 2004 13:45:52 +1000
    
    

    Hi Tony,

    Not sure if anyone has helped you with this, but my advice is as follows:

    Forget about the router with the 2 public IPs - just so long as it will
    permit IPSEC traffic through it to the PIX it will be fine.

    Basically you are setting up a VPN tunnel from PIX to PIX - if you need
    help with configs, check out cisco.com; there are many PIX -> * VPN example
    configs.

    You can go PIX->router but you need to work out what is *best* for you -
    ie who will be using the VPN? Clients behind the PIX or clients behind
    the router? If it's clients behind the PIX I would terminate the VPN at
    the PIX rather than the router!

    Cheers
    Dave

    ----------------------------------------------------------------
    David Shirley
    Telstra InterNetworking Solutions
    INS Firewall Team
    Phone: (03) 86615977
    Mobile: 0417020119
    Email: David.Shirley@team.telstra.com
    ----------------------------------------------------------------

    > -----Original Message-----
    > From: ghideon@ghideon.com [mailto:ghideon@ghideon.com]
    > Sent: Tuesday, 8 June 2004 9:18 AM
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] PIX to Router IPSec
    >
    > Need some advice on the following:
    >
    > I'm going to establish a PIX to Router IPSec tunnel between two
    > locations. The PIX has a public IP and a private IP, and the router
    > has two public IPs.
    >
    > I'm having trouble wrapping my mind around this. Since the router has
    > public IPs, I will need to pass the traffic to another PIX that sits
    > behind the router, since that second PIX has a public IP and a private
    > IP. Is this making any sense? Or is what I'm trying to do not possible?
    > If worse comes to worse, I can just go from PIX to PIX.
    >
    > Thanks
    > Tony
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

