PIX Case outside inside

Unanswered Question
Nov 2nd, 2007

Hi there, attached is what I want to do.

I want to:

1. Start a site-to-site VPN between PIX firewall A and the Checkpoint VPN.

2. PC2 has to connect to PC3 (via the VPN) and also to PC1 on the external LAN.

3. For testing I want PC1 and PC3 to be able to ping PC2 and vice versa, and PC2 to ping PC3 and PC1.

Can this be established? How can I do this? Can someone point me in the right direction? Thanks



Fernando_Meza Wed, 11/07/2007 - 14:30

Hi .. OK


Let's divide this in two tasks.


1.- Communication between PC1 and PC2


* on the PIX You need a static NAT entry for PC2 as below


static (inside,outside1) PC2-Real-IP-Address PC2-Real-IP-Address netmask 255.255.255.255


* allow access from PC1 to PC2

access-list outside1_inside permit icmp host PC1 host PC2-Real-IP-Address

access-group outside1_inside in interface outside1


* If you have an access list applied to the inside interface then you need to add an entry that allows ICMP access from PC2 to PC1, i.e.

access-list inside-out permit icmp host PC2-Real-IP-Address host PC1

access-group inside-out in interface inside


* You might need to add a static route on the firewall for 192.168.3.0/24

route outside1 192.168.3.0 255.255.255.0 10.10.40.2


* Make sure any other devices between those segments know how to get to each other


2.- Communication between PC2 and PC3


Can you clarify .. is the VPN between routerA and the Checkpoint already UP?

If it is, then we would need to have a look at the config of routerA before suggesting next steps to follow.


I hope it helps .. please rate it if it does !!!
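An added example, not from this thread or from Cisco: a small Python checker that runs the four checks from the reply above (static entry, outside1 ACL, inside ACL, route) against a PIX 6.x-style config fragment. The sample config is constructed; the hosts 192.168.3.10 and 10.10.50.20 are made up, while the route line matches the one in the reply.

```python
import ipaddress
import re

# Constructed sample in PIX 6.x syntax: the route line mirrors the reply above, the host addresses are made up.
SAMPLE_CONFIG = """
static (inside,outside1) 10.10.50.20 10.10.50.20 netmask 255.255.255.255
access-list outside1_inside permit icmp host 192.168.3.10 host 10.10.50.20
access-group outside1_inside in interface outside1
access-list inside-out permit icmp host 10.10.50.20 host 192.168.3.10
access-group inside-out in interface inside
route outside1 192.168.3.0 255.255.255.0 10.10.40.2
"""

def parse(config):
    """Collect statics, ACL entries (host/host form only), ACL bindings and routes."""
    cfg = {"static": set(), "acl": {}, "bind": {}, "route": []}
    for t in filter(None, map(str.split, config.splitlines())):
        if t[0] == "static":                      # static (real_if,mapped_if) mapped real ...
            m = re.match(r"\((\w+),(\w+)\)", t[1])
            cfg["static"].add((m.group(1), m.group(2), t[2]))
        elif t[0] == "access-list" and len(t) >= 8 and t[2] == "permit":
            cfg["acl"].setdefault(t[1], []).append((t[3], t[5], t[7]))  # proto, src, dst
        elif t[0] == "access-group":              # access-group NAME in interface IF
            cfg["bind"][t[4]] = t[1]
        elif t[0] == "route":                     # route IF network mask gateway
            cfg["route"].append((t[1], ipaddress.ip_network(f"{t[2]}/{t[3]}")))
    return cfg

def permitted(cfg, iface, proto, src, dst, default_permit):
    """Does the ACL bound to iface allow src->dst? With no ACL the interface default applies."""
    acl = cfg["bind"].get(iface)
    if acl is None:
        return default_permit
    return any(p in (proto, "ip") and (s, d) == (src, dst) for p, s, d in cfg["acl"].get(acl, []))

def icmp_path_issues(cfg, pc1, pc2, pc1_iface="outside1", pc2_iface="inside"):
    """List what is missing for PC1 (on pc1_iface) and PC2 (on pc2_iface) to ping each other."""
    issues = []
    if (pc2_iface, pc1_iface, pc2) not in cfg["static"]:
        issues.append(f"no static ({pc2_iface},{pc1_iface}) entry for {pc2}")
    # lower-security side: nothing gets in without an explicit permit
    if not permitted(cfg, pc1_iface, "icmp", pc1, pc2, default_permit=False):
        issues.append(f"{pc1_iface} ACL does not permit icmp {pc1} -> {pc2}")
    # higher-security side: open unless an ACL is applied, in which case it needs an entry too
    if not permitted(cfg, pc2_iface, "icmp", pc2, pc1, default_permit=True):
        issues.append(f"{pc2_iface} ACL does not permit icmp {pc2} -> {pc1}")
    if not any(i == pc1_iface and ipaddress.ip_address(pc1) in n for i, n in cfg["route"]):
        issues.append(f"no route to {pc1} via {pc1_iface} (needed unless directly connected)")
    return issues
```

Calling `icmp_path_issues(parse(SAMPLE_CONFIG), "192.168.3.10", "10.10.50.20")` returns an empty list for the full sample; drop any of the lines and the corresponding check names what is missing.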





greg-bnets Fri, 11/09/2007 - 11:15

Hi Fernando.

I did some homework and resolved the issue. But thanks for the help anyway. I will still rate for you. What I still have is that with the VPN, only my site can initiate the tunnel. That is, only if I start pinging the other side can they ping me back. How can I keep the tunnel up 24/7?


Thanks.
