11-02-2007 10:56 AM - edited 02-21-2020 01:45 AM
Hi there, attached is what I want to do.
I want to:
1. Start a VPN site to site with the PIX firewall A and the Checkpoint VPN.
2. PC has to connect to PC 3 (via the VPN) and also to PC1 on the LAN ext.
3. For testing I want PC1 and PC3 to be able to ping PC2 and vice versa, PC2 to ping PC3 and PC1.
Can this be established? How can I do this? Can someone point me in the right direction? Thanks
11-07-2007 02:30 PM
Hi .. OK
Let's divide this in two tasks.
1.- Communication between PC1 and PC2
* On the PIX you need a static NAT entry for PC2 as below
static (inside,outside1) PC2-Real-IP-Address PC2-Real-IP-Address netmask 255.255.255.255
* allow access from PC1 to PC2
access-list outside1_inside permit icmp host PC1 host PC2-Real-IP-Address
access-group outside1_inside in interface outside1
* If you have an access list applied to the inside interface then you need
to add an entry that allows ICMP access from PC2 to PC1, i.e.
access-list inside-out permit icmp host PC2-Real-IP-Address host PC1
access-group inside-out in interface inside
* You might need to add a static route on the firewall for 192.168.3.0/24
route outside1 192.168.3.0 255.255.255.0 10.10.40.2
* Make sure any other devices between those segments know how to get to each other
2.- Communication between PC2 and PC3
Can you clarify .. is the VPN between routerA and Checkpoint already up?
If it is, then we would need to have a look at the config of routerA before suggesting
next steps to follow.
I hope it helps .. please rate it if it does !!!
11-09-2007 11:15 AM
Hi ferando.
I did some homework and resolved the issue. But thanks for the help anyway. I will still rate for you. What I still have is that with the VPN my site can only initiate the tunnel to be up. Lets only if I start pinging the other side, they can ping me back. How can I keep the tunnel up 24/7?
Thanks.