How to run VPN client between 2 interfaces (i.e. DMZ1 and DMZ2).

djkim
Level 1

Hi,

Can anyone pls advise how to config VPN remote access between DMZ1 and DMZ2 on PIX515?

The scenario is as below:

DMZ1 is higher security than DMZ2, and I would like users on DMZ2 to have to use the VPN client to access a terminal server on the DMZ1 LAN. I have tried it in many different ways, but it doesn't seem to work.

Am I trying something it is not designed for? Pls help. Regards, DJ

4 Replies

mostiguy
Level 6

The reason you don't see many configurations for that is because not many people use IPSec on LANs. Why do you want to go the vpn route - for authentication, encryption or both?

Anyhow, you might be able to work up a VPN configuration where you use "isakmp enable dmz2" - have a VPN set up on that interface. I can't think of any particular reason why your setup would not work.

The reason I need this is for authentication purposes: two different companies are divided by the PIX515, and we want users on DMZ2 to have to authenticate through the VPN client to access allocated source on DMZ1. I have tried with the VPN Wizard via PDM, not manually. I believe "isakmp enable dmz2" is set. I didn't have any issue with the OUTSIDE interface.

I have one question that I would like to confirm: when DMZ2 uses the VPN client, what IP address would be the access point for authentication? I assume this VPN server IP address would be the DMZ2 interface IP address, not the DMZ1 interface IP address. Can you pls confirm this? Thanks, DJ

Sounds like an interesting setup. Yes, I would think that DMZ2's IP would be the one you would be attempting to connect to.

It didn't work. I am in doubt whether this is really going to work. I wonder if anyone has tried it out. Thks, DJ
