857W and PIX-501 Query

Jul 23rd, 2007

Hi all.


I am trying to set up a multi site VPN using Cisco 857W Routers for DSL connectivity and a PIX-501 at each site. The client will also need Microsoft VPN client access to the PIX at the main site. I am having all sorts of trouble and I think it is due to the 857W stopping the PPTP traffic. Can someone give me some pointers on basically allowing all traffic through the 857W to the PIX. Do I need to create any port forwarding on the 857W to allow traffic through to the PIX? Any help greatly appreciated.


Cheers,


Damien

rkazmierczak Tue, 07/24/2007 - 03:42

If you plan to use 857s, why don't you configure VPN and firewall on them? It is true to some extent that the 501s tend to be more 'stable', as the software 6.3(5) is very 'mature'. But 857s generally work OK too.

But if you stick with the 501 and use the 857 just to provide DSL connectivity, make sure there is no firewall running on it and no access-list is blocking the legitimate traffic. It is probably best to assign a public address to the external interface of the PIX and do NAT on it (use ip unnumbered on the DSL interface).

PPTP should work OK then.

damienh77 Tue, 07/24/2007 - 05:37

Thanks for your reply. The client has purchased the PIX 501s so I would like to set them up with these if possible. The 857s are supplied standard from their DSL provider.

I will disable the firewall on the 857s as per your suggestion. Could you please explain further how I might assign their public IP to the outside PIX interface and not the 857? Sorry, I am learning fast but have only been working with Cisco gear a few weeks.

rkazmierczak Tue, 07/24/2007 - 07:04

You need at least 2 public IP addresses from the ISP per site with a /30 mask.

One of them you assign to the external interface of the PIX (e.g. 2.2.2.2) and the other to the internal interface of the router:

int vlan 1
 ip add 2.2.2.1 255.255.255.252

Then on the external interface of the router, depending on how it is configured, you do e.g.:

int dialer0
 ip unnumbered vlan 1

The vlan 1 interface of the router is the default gateway for the PIX.

I hope this helps

Rafal
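
The layout described in the reply above, written out for both devices as an added example that is not part of the original thread. It assumes PIX OS 6.3 syntax, the 2.2.2.0/30 example addresses from the post, and a constructed inside subnet (192.168.1.0/24), PPTP client pool (192.168.2.0/24), pool name, ACL name and placeholder credentials.

```cisco
! ---- 857W (IOS): routes only, no NAT, no firewall, no ACL on these interfaces
interface Vlan1
 ip address 2.2.2.1 255.255.255.252
!
interface Dialer0
 ip unnumbered Vlan1
!
ip route 0.0.0.0 0.0.0.0 Dialer0

: ---- PIX 501 (PIX OS 6.3): holds the public address and does the NAT
ip address outside 2.2.2.2 255.255.255.252
ip address inside 192.168.1.1 255.255.255.0
: default gateway is the router's Vlan1 address
route outside 0.0.0.0 0.0.0.0 2.2.2.1 1
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

: ---- PPTP for Microsoft VPN clients, terminated on the PIX outside interface
: (constructed pool, ACL name and credentials; replace the placeholders)
ip local pool pptp-pool 192.168.2.1-192.168.2.50
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nonat
sysopt connection permit-pptp
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 128 required
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 client authentication local
vpdn username <USERNAME> password <PASSWORD>
vpdn enable outside
```

Because the PIX outside interface carries the public address directly, PPTP control traffic (TCP 1723) and its GRE data channel arrive at the PIX routed rather than translated, so no port forwarding is needed on the 857W.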


