Pix tunnel to non outside interface

Unanswered Question
Mar 25th, 2009
User Badges:

Have a Pix 525 behind a router. I want to

remove the router and have the Pix 525 directly connected to the Internet. That means changing the IP address of the outside interface on the Pix 525. I have several Pix 501s that tunnel to the Pix 525. I don't want to change the config on

all the Pix 501 so they tunnel to the new

IP address on the outside interface on the Pix 525. Can I bring up another interface on the Pix 525, give it the old IP address of the outside interface, and have the remote Pix 501s use the non-outside interface on the Pix 525 as the tunnel endpoint?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
nitinaga Fri, 03/27/2009 - 01:21
User Badges:

Hi,


Yes it is possible for pix to have two interfaces with two ISPs. Also the 501s can connect to the old ip address on pix. but there are two situations:


1) If Pix 501s has static ip address and the default gateway to the new ip address then you have to point the public ip to the old isp alond with proxy id's.


2) If pix 501s has dynamic ip address then they will only connect to the 525 interface where you have default route pointed to.

Actions

This Discussion