cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
277
Views
0
Helpful
2
Replies

PIX Case outside inside

greg-bnets
Level 1
Level 1

Hi there, attached is what i want to do.

I want to:

1.start a vpn site to site with the pix firewall A and the Checkpoint VPN.

2.pc has to connect to PC 3(via the VPN)and also to PC1 on the Lan ext.

3. For testing i want pc1 and pc3 to be able to ping PC2 and vice versa, pc2 to ping pc3 and pc1

can this be established? how can i do this. can some one point me in the right direction? Thanks

2 Replies 2

Fernando_Meza
Level 7
Level 7

Hi .. OK

Let's divide this in two tasks.

1.- Communication between PC1 and PC2

* on the PIX You need a static NAT entry for PC2 as below

static (inside,outside1) PC2-Real-IP-Address PC2-Real-IP-Address netmask 255.255.255.255

* allow access from PC1 to PC2

access-list outside1_inside permit icmp host PC1 host PC2-Real-IP-Address

access-group outside1_inside in interface outside1

* If you have an access list applied to the inside interface then you need

to add an entry that allows icmp access from PC2 to PC1 i.e

access-list inside-out permit icmp host PC2-Real-IP-Address host PC1

access-group inside-out in interface inside

* You might need to add a static route on the firewall for 192.168.3.0/24

route outside1 192.168.3.0 255.255.255.0 10.10.40.2

* Make sure any other devices between those segments know how to get to each other

2.- Communication between PC2 and PC3

Can you clarify .. is the VPN between routerA and Checkpoint already UP ?

if it is then we would need to have a look at the config of routerA before sugggesting

next steps to follow.

I hope it helps .. please rate it if it does !!!

Hi ferando.

I did some home work and resolved the issue. But thanks for the help anyway. i will still rate for you. What i still have is that with the VPN my site can only initiate the tunnel to be up. Lets only if i start pinging the other side, they can ping me back. How can i keep the tunnel up 24/7?

Thanks.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: