Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Concentrator and PIX setup

Hi,

Does anyone know or have experience in the following.

Is it possible to have a PIX and VPN concentrator running side by side. PIX would be for Internet access in/out and conentrator would be for VPN clients connecting over the internet to access internal servers.

Any suggestions?

2 REPLIES

Re: Concentrator and PIX setup

Running a PIX and a VPN Concentrator in parallel is a fairly standard setup. I have a small switch hanging off the inside interface of my router and plug the PIX and Concentrator into the switch. Depending on how you configure the Concetrator the VPN clients could have all, some or no access to resources on the LAN.

Community Member

Re: Concentrator and PIX setup

Like Travis said, it is a fairly standard setup to have the Pix and VPN running side by side.

If your internal network is flat, this is fine if you are only doing remote access by clients. The problem arises when you try to do LAN to LAN tunnels. With a flat internal network, the firewall is your default gateway. In order to get clients to send data to the remote networks, through the VPN, you would need to add route statements pointing them to the VPN concentrator. The other options would be to either put the inside of the VPN off a DMZ on the firewall, or install a router on the internal network.

88
Views
0
Helpful
2
Replies
CreatePlease to create content