Cisco Support Community
edw
New Member

VPN Termination

Hi,

New to the VPN side of things. I have a PIX 515E which, going outwards, connects to a C3660 unit then to the internet. I want to connect remote clients through VPN to the inside network. Now I understand I have to give the PIX an internet IP. So my question is: is it safer to use a logical interface for this rather than the physical one, thus separating the traffic? What's the safest way? Or can I let it connect to the C3660 and pass it on?

Thanks

Ed

4 REPLIES
Hall of Fame Super Blue

Re: VPN Termination

Hi Ed

Generally speaking you would terminate the VPN clients on the physical outside interface of your pix firewall, there is no need to make it a logical interface.

Do you have spare public IP addresses for the pix and the inside interface of the router?

Jon

edw
New Member

Re: VPN Termination

Hi,

Yep, I have loads - well, enough ;) I was wondering if it's more secure to have a separate one, especially due to the access-lists etc. The way it's set up is it's a NAT'ed address range from the PIX to the router and then NAT'ed to a public IP in the router.

I'm rereading the VPN setup info from the manual. I'm getting a bit confused on access-lists.

It talks about crypto access-lists for static maps (which I assume is really only for LAN-LAN traffic). I'm unsure about dynamic maps though. How is it linked to which traffic to let through and which not to??? The Cisco examples are really poor.

Thanks

Ed

edw
New Member

Re: VPN Termination

Hi,

I also have a problem with the authorization-server-group in the tunnel-group. It says "ERROR: Only "LOCAL", "radius" and "ldap" protocols are supported for WebVPN authorization." Yet this group is for IPSec not WebVPN??

Previous questions still stand ;)

Thanks for any answers to these questions.

Ed

edw
New Member

Re: VPN Termination

I am getting stats from the appliance - I'm not making sense of them though.

My VPN Client says it has to retransmit its packet. The PIX is saying it's received 6788 In Octets and 8 In packets, of which it's dropped 8 packets? Where is the problem?

Thanks

Ed
