Need HELP on PIX, router, ADSL, VPN setup

Unanswered Question
Sep 5th, 2007

Hi Top NetPros & Cisco engineers.

Sorry if this doesn't fit in here.

We have a 1721 and PIX 515E. The 1721 has serial (128Kbps) and ADSL (1MB/128Kbps) connections. Through PBR, PAT'ed traffic from the PIX is routed to ADSL. Domino replication, SMTP and IPSec VPN connections to 3 sites are what use the Internet Leased Line.

VPN is terminated outside PIX. Accessing a critical web application on the other site is very slow.

This is what I'm thinking to resolve the issue.

* Remove the existing VPN connection from the PIX to the site where the web application is running.

* Use ADSL for the VPN instead.

* 1MB/128Kbps is the max ADSL speed the ISP offers. For more bandwidth, get another ADSL line. 1721 has no spare slots so it has to be replaced so serial & 2 ADSL can be connected.

Queries/concerns:

1. Is it possible that one ADSL will be only for outbound HTTP, FTP, etc. and to dedicate the other ADSL for VPN only?

2. With VPN terminated on ADSL, the traffic passing between the router and the firewall is not encrypted.

Please feel free to reply if you have a better solution.

Thanks in advance.

umedryk Tue, 09/11/2007 - 10:10

To ensure a secure tunnel connection, the Cisco Easy VPN Remote feature does not support transform sets that provide encryption without authentication (ESP-DES and ESP-3DES) or transform sets that provide authentication without encryption (ESP-NULL ESP-SHA-HMAC and ESP-NULL ESP-MD5-HMAC).

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b7d.html
