getting firewalls to talk to each other

carbonscoring
Level 1

I have two PIX 515s. I have equipment that I need to access behind one firewall on a 10.10.14.xx subnet. The other firewall, where I reside, is on a 10.10.12.xx subnet behind the other firewall. On the 10.10.14.xx network firewall I have static (inside,outside) statements that tell the firewall to map from an external IP address to an internal IP address. I also have a conduit permit statement saying external host IP address permitted by the external subnet of our LAN.

So what happens is, while I'm at work on my 10.10.12.xx network, it's NATed to an external IP address. Employees access equipment by external IP address and it works great. Once I get home I can't access it, and that's good. I want employees to use VPN. However, that's not set up correctly. VPN is set to only have access to the 10.10.12.xx network via 10.10.15.xx.

Confusing, but I need to be able to VPN in under a 10.10.15.xx address which connects to the 10.10.12.1 firewall, and have the 10.10.12.1 firewall talk to the 10.10.14.1 firewall. I think if I get that working employees won't have to access the equipment on an outside IP address.

I also have two separate Windows 2003 servers running DHCP, one for the 10.10.12.1 network and one for the 10.10.14.1 network.

Thanks in advance,

Mike

1 Reply

whisperwind
Level 1

Mike, your explanation was a bit confusing to me, so I am going to try and answer based on how I read it. It seems you have two PIX firewalls with inside IP subnets of 10.10.14.x and 10.10.12.x.

First thing is, if you are using conduits as you state, they need to go. Upgrade those PIXs, as conduits are deprecated and the OS version you have is thus very old.

I get the impression there is a LAN-to-LAN tunnel between the two PIXs and thus the subnets. You then connect using a remote access VPN that is assigned an IP address out of the 10.10.15.x subnet. If that is the case, you need to be able to hairpin on the PIX. In order to do this with just the PIX you will need to upgrade their OS in order to use the intra-interface command. Check this out:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml
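To make the hairpin concrete, here is an added example (not from this thread, and not Cisco's own configuration) of the relevant PIX 7.x/ASA lines on the 10.10.12.1 PIX: the conduit replaced by an interface ACL, the intra-interface permit, and the NAT exemption and crypto ACL entries that let the 10.10.15.x VPN pool ride the LAN-to-LAN tunnel. ACL and crypto-map names, the service (HTTPS), and the addresses in angle brackets are assumed placeholders; the ISAKMP policy, transform set and crypto map binding are assumed to already exist, and the 10.10.14.1 PIX needs the mirror-image crypto ACL and NAT exemption.

```cisco
! Hypothetical PIX 7.x / ASA fragment for the PIX at 10.10.12.1, which
! terminates both the LAN-to-LAN tunnel to the 10.10.14.x site and the
! remote-access VPN whose clients get 10.10.15.x addresses.

! 1. Conduit replacement: a named ACL bound to the outside interface,
!    scoped to the single service the remote LAN actually needs.
access-list outside_in extended permit tcp <LAN_EXTERNAL_SUBNET> 255.255.255.0 host <MAPPED_EXTERNAL_IP> eq 443
access-group outside_in in interface outside

! 2. Allow traffic that arrives on the outside interface (decrypted from a
!    VPN client) to leave through the same interface into the LAN-to-LAN
!    tunnel. This is the hairpin; the command exists only on PIX 7.0 and later.
same-security-traffic permit intra-interface

! 3. Do not NAT inside or VPN-pool traffic that is bound for the far site;
!    the outside exemption covers the hairpinned VPN-client flows.
access-list nonat extended permit ip 10.10.12.0 255.255.255.0 10.10.14.0 255.255.255.0
access-list nonat extended permit ip 10.10.15.0 255.255.255.0 10.10.14.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (outside) 0 access-list nonat

! 4. The crypto ACL for the LAN-to-LAN tunnel must include the VPN pool,
!    otherwise 10.10.15.x -> 10.10.14.x traffic never enters the tunnel.
access-list l2l_to_14 extended permit ip 10.10.12.0 255.255.255.0 10.10.14.0 255.255.255.0
access-list l2l_to_14 extended permit ip 10.10.15.0 255.255.255.0 10.10.14.0 255.255.255.0
crypto map outside_map 10 match address l2l_to_14
crypto map outside_map 10 set peer <REMOTE_PIX_EXTERNAL_IP>
```

After applying this, `show crypto ipsec sa` on either PIX should show a security association for 10.10.15.0/24 to 10.10.14.0/24 once a VPN client sends traffic; if it only ever shows 10.10.12.0/24, the crypto ACL on one side is missing the pool entry.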
