Can this be done?

Unanswered Question
Nov 30th, 2006

Hi all:


I currently have a T1 connection coming into a Cisco 1700 router and a PIX 515. I wanted to add a DSL modem for internet access only. My first plan was to add another router and add routes on that (the Cisco 1700 isn't our router and I do not have access to it). But someone suggested the following: could I attach the DSL to another interface on the PIX and direct all internet through that and only VPN traffic through the T1 (connection only used for office work)?


Thanks for any info!

a.kiprawih Sun, 12/03/2006 - 06:38

I think it's doable.


For the existing T1, which is connected on the Outside interface, set a specific route to the VPN peer IP address. Apply nonat here as well. Make sure the ACL correctly identifies the source and destination network addresses. Do not configure 'global' here.


For the new DSL, connect to the e1 interface @ DMZ. Set the default route via this interface. Tie the nat & global statements together, which defines/allows the internal segment to start connections and use the DMZ to go out to the internet (as global IP). Make sure you have the necessary ACLs to allow who/what can go in/out via permitted tcp/udp protocols.


HTH

AK
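
The layout described in this answer, sketched as a PIX 6.x-style configuration fragment. This is an added example, not part of the original post: the interface names, every address (documentation ranges), the remote VPN subnet and the ACL names are assumptions, and the crypto map itself is left out.

```cisco
! Constructed example: all addresses and names below are assumptions.
!   inside LAN      192.168.1.0/24
!   remote VPN LAN  10.10.0.0/16
!   T1 side  (interface "outside"): PIX 192.0.2.2,   T1 router   192.0.2.1
!   DSL side (interface "dmz"):     PIX 203.0.113.2, DSL gateway 203.0.113.1
!   VPN peer 198.51.100.10

ip address outside 192.0.2.2 255.255.255.0
ip address dmz 203.0.113.2 255.255.255.0

! T1: host route to the VPN peer only, so tunnel traffic stays on the T1.
route outside 198.51.100.10 255.255.255.255 192.0.2.1 1
! Assumption beyond the answer: the protected remote subnet is also routed
! via outside, otherwise it would follow the default route out the DSL.
route outside 10.10.0.0 255.255.0.0 192.0.2.1 1

! DSL: default route, so everything else leaves through the dmz interface.
route dmz 0.0.0.0 0.0.0.0 203.0.113.1 1

! nonat: exempt inside-to-remote-LAN traffic from translation.
! Source and destination must match the VPN's protected networks exactly.
access-list nonat permit ip 192.168.1.0 255.255.255.0 10.10.0.0 255.255.0.0
nat (inside) 0 access-list nonat

! nat and global tied together by ID 1: inside hosts are translated to the
! dmz interface address for internet access. No "global (outside)" exists,
! so untranslated internet traffic cannot leave via the T1.
nat (inside) 1 192.168.1.0 255.255.255.0
global (dmz) 1 interface

! Outbound policy on the inside interface: VPN traffic plus a short list of
! permitted internet protocols; everything else hits the implicit deny.
access-list inside_out permit ip 192.168.1.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list inside_out permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list inside_out permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-list inside_out permit udp 192.168.1.0 255.255.255.0 any eq domain
access-group inside_out in interface inside
```

After applying a layout like this, `show route` and `show xlate` confirm that internet sessions are translated on the DSL-facing interface while traffic to the remote LAN stays untranslated on the T1.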
