RE: [fw-wiz] PIX to PIX VPN from within a private network.



Your best bet would be to have your ISP configure your internet router
for pass through, i.e. your PIX will get the public IP address. As it
stands now, you're not gonna be able to set up that VPN unless you can
configure that internet modem and get a little lucky.

-----Original Message-----
From: firewall-wizards-admin@xxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-admin@xxxxxxxxxxxxxxxxxx] On Behalf Of Greg
Sent: Monday, March 13, 2006 5:03 PM
To: firewall-wizards@xxxxxxxxxxxxxxxxxx
Subject: [fw-wiz] PIX to PIX VPN from within a private network.

Hello,

I have a PIX at home and would like to connect via site to site VPN
to the PIX at work which I also maintain.

The problem I think I may run into is I have a private network between
the internet router and my internal home PIX. The segment between the
internet router and the internal PIX is 10.0.0.0/24, the outside
interface of the PIX is numbered 10.0.0.1.


I'll try my hand at drawing this out:


WORK: INTERNAL-NET(10.31.0.0/16) >> PIX(NAT) >> INTERNET

HOME: INTERNAL-NET(216.138.246.208/27) >>
(inside int 216.138.246.209)PIX(outside int 10.0.0.2) >>
(10.0.0.1)Cisco827dsl(216.138.247.130) >> INTERNET

or in simple:

INTERNAL-HOME-NETW(internet routable) >> ROUTER >> PIX >> INTERNET


Can I set up a site to site VPN, apply the config to the external
interface of the PIX (10.0.0.1) and be able to connect to work's PIX
without issues (due to the fact 10.0.0.1 would not be routable on the
internet)?

I hope I'm being clear in what I'm after. I envision the PIX at work
trying to connect back to 10.0.0.1.



thanks in advance,

greg



_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
