cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
539
Views
15
Helpful
12
Replies

simulate Site 2 Site Vpn Between 2 pix

alsayed
Level 1
Level 1

Dears Netpro!

I want to simulate Site 2 Site Vpn Between 2 pix 515;How can i connect these 2 Pix?is Via Crosse cable or what?medan have provided me the config in previous post

regards

ALI

12 Replies 12

Jon Marshall
Hall of Fame
Hall of Fame

Hi Ali

It depends on the config medan sent. The best thing to do is to use a router between the 2 pix firewalls. You can either connect the pix firewalls directly into the router interfaces using crossover cables or you can use a switch and use straight thru cables for the pix firewalls and the router.

You can use a crossover directly between the 2 pix firewalls but you may need to modify medan's config.

Could you post config ??

Jon

Hi Jon!

as u mention i need moreover 1 router;1 switch?to simulate the Network;could u plz Drawing for me like this network

10xs

Hi Ali

Hope this comes out okay - if not i'll do visio.

------------ Local Lan 1

|

|

| inside interface

------

| pix1 |

------

| outside interface

|

| e0

------

|router|

------

| e1

|

| outside interface

------

| pix2 |

------

| inside interface

|

|

----------- Local Lan 2

You can use one switch to create all this.

You need 4 vlans on the switch. They will be used as follows

1) Vlan for local lan 1 + inside interface of pix1.

2) Vlan for pix1 outside interface and router e0 interface.

3) Vlan for router e1 interface and pix2 outside interface.

4) vlan for pix2 inside interface and local lan 2.

Alternatively you can just use crossover cables everywhere and not bother with a switch.

HTH

Jon

Dear Jon!

appreciate ur great reply to my all posts

10xs a lot

ALI

HI JON!

if i use switch instead of routerplz list a simple config for this:

1)Vlan for local lan 1 + inside interface of pix1

2)

if on the router also plz list a simple config

10xs for ur help

Hi Jon!

if u have config like this scenario or similar plz provide it to me

10xs

Hi Ali

Could you let me know which bits of kit you want to use and whether you are going to connect the pix devices directly together or whether you want a router in between.

Also do you want to use a switch or not.

Which configs do you need ?

Jon

Hi Jon!

i will use switch 3550.

10xs for ur reply

ALI

Hi Jon!

i still waiting ur config for the scenario

10xs

Hi Ali

Sorry, i just wasn't sure what config you needed.

You have 2 pix firewalls and a 3550 switch.

On the switch

3550(config)# vlan 10

3550(config-vlan)# name local_lan1

3550(config)# vlan 11

3550(config-vlan)# name pix1_outside

3550(config)# vlan 12

3550(config-vlan)# name local_lan2

3550(config)# int range fa0/1 - 2

3550(config-if-range)# switchport

3550(config-if-range)# switchport access vlan 10

3550(config-if-range)# spanning-tree portfast

3550(config)# int range fa0/3 - 4

3550(config-if-range)# switchport

3550(config-if-range)# switchport access vlan 11

3550(config-if-range)# spanning-tree portfast

3550(config)# int range fa0/5 - 6

3550(config-if-range)# switchport

3550(config-if-range)# switchport access vlan 12

3550(config-if-range)# spanning-tree portfast

Connect pix1 inside interface into vlan 10. The other port in vlan 10 is used for a pc.

Connect pix1 outside interface into vlan 11.

Connect pix2 outside interface into vlan 11

Connect pix2 inside interface into vlan 12. The other port in vlan 12 can be used for a pc.

With this setup the outside interface of pix1 and the outside interface of pix2 need to be in

the same IP subnet.

So example addressing

PC1 (192.168.1.2/24) -> PIX1(inside) 192.168.1.1/24 -> PIX1(outside) 192.168.5.1/30 ->

PIX2(outside) 192.168.5.2/30 -> PIX2(inside) 192.168.10.1/24 -> PC2 (192.168.10.2/24)

You will probably need to modify Medan's config.

if you want to put a router in between the pix firewalls then let me know.

HTH

Jon

Hello Jon

what about the Router between these 2 pixs;what would be the config?

10xs

Hi Ali

You could use crossovers between the pix firewalls and the router but assuming you use a switch for all the connectivity

3550(config)# vlan 10

3550(config-vlan)# name local_lan1

3550(config)# vlan 11

3550(config-vlan)# name pix1_to_router

3550(config)# vlan 14

3550(config-vlan)# name router_to_pix2

3550(config)# vlan 15

3550(config-vlan)# name local_lan2

3550(config)# int range fa0/1 - 2

3550(config-if-range)# switchport

3550(config-if-range)# switchport access vlan 10

3550(config-if-range)# spanning-tree portfast

3550(config)# int range fa0/3 - 4

3550(config-if-range)# switchport

3550(config-if-range)# switchport access vlan 11

3550(config-if-range)# spanning-tree portfast

3550(config)# int range fa0/5 - 6

3550(config-if-range)# switchport

3550(config-if-range)# switchport access vlan 14

3550(config-if-range)# spanning-tree portfast

3550(config)# int range fa0/7 - 8

3550(config-if-range)# switchport

3550(config-if-range)# switchport access vlan 15

3550(config-if-range)# spanning-tree portfast

router(config)#int fa0/0

router(config-if)# ip address 10.5.1.1 255.255.255.252

router(config-if)# no shut

router(config)#int fa0/1

router(config-if)# ip address 10.6.1.1 255.255.255.252

router(config-if)# no shut

Connect pix1 inside interface into vlan 10. The other port in vlan 10 is used for a pc.

Connect pix1 outside interface into vlan 11.

Connect fa0/0 interface on router into vlan 11.

Connect fa0/1 interface on router into vlan 14

Connect pix2 outside interface into vlan 14

Connect pix2 inside interface into vlan 15. The other port in vlan 15 can be used for a pc.

Example addressing

PC1 (192.168.1.2/24) -> PIX1(inside) 192.168.1.1/24 -> PIX1(outside) 10.5.1.2/30 ->

router (fa0/0) 10.5.1.1/30 -> router (fa0/1) 10.6.1.1 -> PIX2(outside) 10.6.1.2 ->

PIX2(inside) 192.168.10.1/24 -> PC2 (192.168.10.2/24)

HTH

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: