New Member

Move VPN concentrator 3000 from outside zone firewall to dmz zone firewall

Hi

I have a Check Point firewall in my network. There is a VPN Concentrator 3000 in the firewall's outside zone and I want to move the VPN concentrator to the firewall's DMZ zone.

How do I plan this job? Is there a document that explains how to do this task?

thank you,

2 REPLIES
Gold

Re: Move VPN concentrator 3000 from outside zone firewall to dmz

1. IP address. You may leave the current public IP address on the concentrator's public interface, or you may perform NAT on the Check Point.

2. Inbound ACL. An inbound ACL needs to be configured on the Check Point; in particular, the inbound ACL should permit the following:

udp 500 (isakmp)

udp 4500 (non-isakmp)

ip 50 (esp)

tcp 443 (https for remote management of the concentrator)

tcp 10000 (if and only if "ipsec over tcp" is enabled)

3. Routing. Configure a default route on the concentrator pointing to the Check Point's connected interface. Further, a tunnel default gateway may also be needed for remote VPN clients (optional).
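The inbound permit list from this reply, as an added example that is not part of the thread: it models the rules as a default-deny policy (ESP is IP protocol 50 and has no port; TCP 10000 is opened only when IPsec over TCP is enabled) and audits constructed sample flows against it before cutover. The flow samples and function names are assumptions for illustration.

```python
"""Inbound DMZ policy check for a relocated VPN 3000 concentrator (added example)."""
from collections import namedtuple

# proto is 'tcp', 'udp', or a bare IP protocol number; dport is None for portless protocols
Flow = namedtuple("Flow", "proto dport")


def build_inbound_rules(ipsec_over_tcp=False):
    """Return the (proto, dport, label) permit rules from the reply above.

    dport None means the rule matches the whole IP protocol (ESP, protocol 50).
    """
    rules = [
        ("udp", 500, "isakmp"),
        ("udp", 4500, "udp-encapsulated ipsec (nat traversal)"),
        (50, None, "esp"),
        ("tcp", 443, "https management of the concentrator"),
    ]
    if ipsec_over_tcp:  # open TCP 10000 only when the feature is actually enabled
        rules.append(("tcp", 10000, "ipsec over tcp"))
    return rules


def is_permitted(flow, rules):
    """Default deny: a flow passes only if some rule matches protocol and port."""
    for proto, dport, _label in rules:
        if flow.proto == proto and (dport is None or flow.dport == dport):
            return True
    return False


def audit(flows, rules):
    """Map each sample flow to its verdict so denied traffic is visible before cutover."""
    return {flow: is_permitted(flow, rules) for flow in flows}


# Constructed sample flows: expected VPN traffic plus two that must stay blocked.
SAMPLE_FLOWS = [
    Flow("udp", 500),    # isakmp
    Flow("udp", 4500),   # nat traversal
    Flow(50, None),      # esp
    Flow("tcp", 443),    # https management
    Flow("tcp", 10000),  # ipsec over tcp, denied unless enabled
    Flow("tcp", 22),     # ssh, not in the permit list
    Flow("udp", 53),     # dns, not in the permit list
]

if __name__ == "__main__":
    for flow, ok in audit(SAMPLE_FLOWS, build_inbound_rules()).items():
        print(f"{flow.proto!s:>4}/{flow.dport!s:<5} {'permit' if ok else 'deny'}")
```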

New Member

Re: Move VPN concentrator 3000 from outside zone firewall to dmz

Thank you.
