VPN Termination on Pix behind IOS Router with Private Subnet

Unanswered Question
Apr 8th, 2008

Ok, basically I am wondering if it is possible to terminate a VPN connection on a Pix 506 Firewall that is located behind an IOS router. The public interface of the Pix 506 have a private ip address on a /29 going to the IOS inside interface. Network is setup as follows:



Internet as 10Base T

| (5 Public X.X.X.34-.38)

| (Into WIC-1ENET)

| (.34 assigned to interface)

Cisco 1760

| (FastE) | (WIC-4PORTSWITCH)

| | (10.0.0.1 /29 on 1760)

Private Net Pix 506

(192.168.1.0) (10.0.0.2 /29 on Pix)


Now, both internal interfaces of the 1760 are configured for PAT out the interface IP of the 1760 and all internet traffic passes perfectly. No access-lists are currently applied anywhere on the 1760 and a static translation on the 1760 is setup for .35 to 10.0.0.2 (the pix "public" ip). RDP and other services allowed in the pix access-list work perfectly fine from the outside world when accessing .35, however if I try to terminate a VPN from a pix 501 offsite to the pix 506 using the .35 IP, it doesn't work.


Is there any way to make this type of setup work.


I realize that I could put a switch external to 1760 and run the public subnet directly and individually into the the 1760 and Pix 506, however, I'd really prefer to not need to do that if it is possible to avoid it.




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion