
New Member

How to run VPN client between 2 interfaces (i.e. DMZ1 and DMZ2).

Hi,

Can anyone please advise how to configure VPN remote access between DMZ1 and DMZ2 on a PIX515?

The scenario is as below:

DMZ1 is higher security than DMZ2, and I would like users on DMZ2 to have to use the VPN client to access a terminal server on the DMZ1 LAN. I have tried it in many different ways, but it doesn't seem to work.

Am I trying something it is not designed for? Please help.

Regards,
DJ

4 REPLIES
Silver

Re: How to run VPN client between 2 interfaces (i.e. DMZ1 and DM

The reason you don't see many configurations for that is because not many people use IPSec on LANs. Why do you want to go the VPN route: for authentication, encryption, or both?

Anyhow, you might be able to work up a VPN configuration where you use "isakmp enable dmz2" and have a VPN set up on that interface. I can't think of any particular reason why your setup would not work.

New Member

Re: How to run VPN client between 2 interfaces (i.e. DMZ1 and DM

The reason I need this is for authentication purposes. Two different companies are divided by the PIX515, and we want users on DMZ2 to have to authenticate through the VPN client to access allocated source on DMZ1. I have tried with the VPN Wizard via PDM, not manually. I believe "isakmp enable dmz2" is set. I didn't have any issue with the OUTSIDE interface.

I have one question that I would like to confirm: when DMZ2 uses the VPN client, what IP address would be the access point for authentication? I assume this VPN server IP address would be the DMZ2 interface IP address, not the DMZ1 interface IP address. Can you please confirm this?

Thanks,
DJ

Silver

Re: How to run VPN client between 2 interfaces (i.e. DMZ1 and DM

Sounds like an interesting setup. Yes, I would think that DMZ2's IP would be the one you would be attempting to connect to.
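
The two replies above suggest terminating the client VPN on the DMZ2 interface ("isakmp enable dmz2") and pointing the client at DMZ2's IP. The following is an added sketch of that idea, not a configuration posted by anyone in this thread. It assumes PIX 6.x command syntax, interface names dmz1/dmz2, and constructed addressing; the group name, pool, ACL names and addresses are all hypothetical.

```cisco
: Added example, constructed values (not from the thread):
:   dmz2 interface 192.168.2.1/24   (VPN clients connect to this address)
:   dmz1 network   192.168.1.0/24   (terminal server assumed at 192.168.1.10)
:   client pool    10.99.99.0/24    (dmz1 hosts must route this back to the PIX)

: Addresses handed to authenticated VPN clients
ip local pool vpnpool 10.99.99.1-10.99.99.50

: Do not translate dmz1 traffic returning to the VPN pool
access-list nonat permit ip 192.168.1.0 255.255.255.0 10.99.99.0 255.255.255.0
nat (dmz1) 0 access-list nonat

: Tunnel only traffic for the terminal server
access-list ts_only permit ip host 192.168.1.10 10.99.99.0 255.255.255.0

: Let decrypted IPSec traffic bypass interface access-lists.
: No static/access-list opens dmz2 to dmz1 directly, so unencrypted
: traffic from the lower-security dmz2 side stays blocked.
sysopt connection permit-ipsec

: Phase 2: dynamic crypto map bound to the dmz2 interface
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map dmz2map 10 ipsec-isakmp dynamic dynmap
crypto map dmz2map interface dmz2

: Phase 1: IKE listens on dmz2, as suggested in the reply above
isakmp enable dmz2
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: Group the VPN client authenticates against (password is a placeholder)
vpngroup dmz2users address-pool vpnpool
vpngroup dmz2users split-tunnel ts_only
vpngroup dmz2users idle-time 1800
vpngroup dmz2users password <GROUP-PASSWORD-PLACEHOLDER>
```

If clients on DMZ2 cannot complete IKE, `show isakmp sa` and `show crypto ipsec sa` on the PIX show whether negotiation is reaching the dmz2 interface at all.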

New Member

Re: How to run VPN client between 2 interfaces (i.e. DMZ1 and DM

It didn't work. I doubt whether this is really going to work. I wonder whether anyone has tried it.

Thanks,
DJ
