I'm currently doing my final work for my school and it concerns building a small network model.
The network has only 2 different networking devices which are:
Cisco PIX 515E 7.1(2)
Catalyst 3550 12.2(25)SEE2
The switch has 3 different VLANs on it:
network between C3550 and PIX
VPN Pool Assigned is
The main issue atm is related to VPN use. The goal is to set up remote VPN access to one of the VLANs from outside. The purpose is to provide a software company with access to some servers remotely with the help of VPN.
I used the VPN wizard through PIX ASDM to configure the connection.
On the outside interface of the PIX I have connected one computer that's running a DHCP server to provide the PIX outside interface with an IP address. This computer is also the one I'm using to test if the remote VPN connection is working.
So far I have managed to connect to the inside network from the outside computer with the Cisco VPN Client, and I'm able to access the inside FTP server and load up the internal webpage also.
Now the problem with this test setup comes when I try to access the outside computer's FTP server and HTTP server while the VPN connection is up. I won't get a connection to them while I have the VPN connection up.
Sadly I'm pretty unfamiliar with VPNs and firewalls in general, so this might be a stupid question/problem.
Is this problem caused by the fact that the VPN connection is started from the same computer that's hosting the FTP and HTTP servers that I'm trying to connect to from the inside network?
The final setup this small network should be in is that the PIX would be connected to the ISP through a normal DSL modem and it would get its outside IP address that way through the DSL modem.
Is the connection problem caused by the way I have set up my devices as described above?
- Jouni Forss
The concept of the 'Remote Access VPN' is that the remote host (your PC connected to the outside interface) can have access to the head-end network (the network behind the inside interface of the PIX) but not in the reverse direction.
Install the FTP/HTTP servers on any PC behind the inside interface of the firewall and then try to access it.
Since you are trying in the reverse direction, it won't work.
Hope it helps. Revert back to me if you have any queries.