
Site-To-Site VPN Question

Unanswered Question

Hi, I am setting up a site-to-site VPN for a customer of mine. There are 3 PCs at each site and a Win 2003 server at one of the sites. I also have DSL at both locations with static IPs.


My question is:


1) Can I use a PIX 501 3DES firewall at each site, and do the site-to-site with them?


2) Both locations need to be able to access the internet out of their DSL line. Is this possible with split tunneling? (I plan on using IPsec.)


3) Is there anything special I need to know before attempting this?


I plan to use NAT behind each firewall.


If any other info is needed please let me know. Thanks


1. Yup.

2. Yes, that is fine. Not really split tunnelling.

3. re: the no in two:


You want to get familiar with nat 1 and nat 0.


You will be using:

nat 1 0 0 0 0

or something like it (you can be more selective with it, such that you only NAT the IP block they use, and not everything) - this NATs everything.


And a statement like:

nat 0 access-list accesslistnamehere

This disables NAT for the statements in the ACL named accesslistnamehere.


Each PIX will have a pair of NAT statements: the nat 1 will enable NAT for everything, and nat 0 will selectively disable it. You will need to get familiar with Cisco access lists.
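
The pair of NAT statements described in the reply above, written out for both firewalls as an added example (not part of the original posts). The inside subnets, the ACL name `nonat`, and PAT to the outside interface address via `global (outside) 1 interface` are assumptions; lines beginning with `!` are annotations for the reader, not commands to enter.

```cisco
! Constructed addressing for illustration:
!   site A inside LAN = 192.168.1.0/24
!   site B inside LAN = 192.168.2.0/24

! ----- Site A PIX -----
! LAN-to-LAN traffic: matched by the ACL and exempted from NAT (nat 0),
! so it reaches the other site with its real source address.
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nonat
! Everything else from inside: translated (nat 1) and sent out the DSL line.
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

! ----- Site B PIX -----
! Same pair of statements; the ACL is the mirror image of site A's.
access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
```

Narrowing the `nat 1` statement to the local subnet instead of `0.0.0.0 0.0.0.0` is the more selective form the reply mentions.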
