Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
309
Views
0
Helpful
1
Replies

L2TP thru PIX -- design question

dave.easton
Level 1
Level 1

‎04-17-2003 06:46 AM - edited ‎02-20-2020 10:41 PM

I am installing a PIX for a customer who already has a VPN setup in place. He's got a WIN2K server at his main site, and is building L2TP tunnels over the internet from several remotes. I need to put the PIX between the current VPN server and the remotes. Can I just config it to pass the L2TP traffic (along with the rest of the traffic I want to allow) so that he doesn't have to change his current VPN setup? Or does it make more sense to terminate the VPN tunnels instead on the PIX? Thanks in advance for any input!

0 Helpful
1 Reply 1

yizhar
Level 1
Level 1

‎04-17-2003 07:56 AM

HI.

> Can I just config it to pass the L2TP traffic (along with the rest of the traffic I want to allow) so that he doesn't have to change his current VPN setup?

Yes. It should work for you.

> Or does it make more sense to terminate the VPN tunnels instead on the PIX?

There is no much benefit terminating L2TP at the pix versus using the existing W2K server, but if you switch to Cisco VPN client (IPSec), then there are some advantages, like dual authentication and split tunnel.

Such a change will require installing VPN client software on the remote machines.

It can be implemented in 4 phases:

1) Install pix, keeping the existing VPN configuration.

2) Configure the pix to accept Cisco VPN remote access clients, with XAUTH.

3) Install Cisco VPN clients and verify connectivity.

4) Instruct users to start using the new client, and block connectivity to the old W2K VPN server.

Please note that the pix by default comes with DES encryption only. If you're going to terminate VPN at the pix, you will probably be interested in upgrading to 3DES/AES . Contatct your Cisco dealer about this.

Bye

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card