RE: [fw-wiz] Pass-through VPN

• Previous message: Marcus J. Ranum: "Re: [fw-wiz] SMTP forwarding question"
• Maybe in reply to: Roberts, Shawn: "[fw-wiz] Pass-through VPN"
• Next in thread: Melson, Paul: "RE: [fw-wiz] Pass-through VPN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Melson, Paul'" <PMelson@sequoianet.com>, firewall-wizards@honor.icsalabs.com
Date: Thu, 30 Sep 2004 13:19:00 -0600

This is a site to site VPN with one termination box inside out firewall and
the other on the outside of the firewall (where the traffic comes from).
Both of these boxes are out of our hands and we just have to ensure when the
firewall goes in the traffic still keeps going through. The VPN does not
terminate on the PIX at all, just need the traffic to go untouched through
it.

I was planning on:

access-list 131 permit udp x.x.x.x host X.X.X.X eq isakmp
access-list 131 permit esp x.x.x.x host X.X.X.X
access-list 131 permit ahp x.x.x.x host X.X.X.X

Just hoping this is correct. Thanks again

-----Original Message-----
From: Melson, Paul [mailto:PMelson@sequoianet.com]
Sent: Thursday, September 30, 2004 11:52 AM
To: Roberts, Shawn; firewall-wizards@honor.icsalabs.com
Subject: RE: [fw-wiz] Pass-through VPN

> -----Original Message-----
> I have a quick question about what I need to do on a PIX 515
> to get VPN traffic to pass through it. I have done the rest
> of the setup on this box but I want to make sure that this
> part is running correctly when I install it. Any help would
> be very much appreciated.

<PASTE> That all depends. </PASTE>

Is this a site-to-site or client tunnel? Is the traffic originating
inside or outside the firewall? Is it PPTP, L2TP, or IPSec/ISAKMP (or
SKIP, if you're a BorderManager user)? Is the PIX a termination point
for other VPN connections? All of these effect how you need to
configure the PIX.

PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Marcus J. Ranum: "Re: [fw-wiz] SMTP forwarding question"
• Maybe in reply to: Roberts, Shawn: "[fw-wiz] Pass-through VPN"
• Next in thread: Melson, Paul: "RE: [fw-wiz] Pass-through VPN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages SBS2k3 Server not responding to VPN Clients & Advice on SP2 Firewall configuration for VPN use ... We are using a Cisco PIX firewall and have remote workstations ... terminate on the PIX which is sitting in front out our internal network. ... The PIX VPN is working correctly and we are able to ping internal ... Unfortunately the external clients are unable to contact the SBS2k3 server ... (microsoft.public.windows.server.sbs) Re: VPN and third party appliances ... The firewall is setup for NAT, I have checked my personal firewall at home ... into the network the connection stalls then eventually disconnects. ... a VPN config that I may have missed in AD or something with win2k3sbs. ... > remote access VPN with a Cisco PIX as the VPN Server. ... (microsoft.public.windows.server.sbs) RE: [fw-wiz] insecurity in internet connection thro cable modems ... They are both similar firewall types, but if you're partial to the PIX CLI ... If I'm building a larger VPN infrastructure though, ... > Netscreens. ... (Firewall-Wizards) RE: Firewall Hardware Recommendations ... VPN Licensees + Client Licensees = More then a PIX 515. ... What cisco firewall do you currently have and what version OS ... (Security-Basics) Re: Firewall Hardware Recommendations ... are an excellent alternative for second line and vpn solutions. ... Subject: Firewall Hardware Recommendations ... VPN Licensees + Client Licensees = More then a PIX 515. ... What cisco firewall do you currently have and what version OS ... (Security-Basics)