Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
379
Views
0
Helpful
4
Replies

Newb VPN Setup

ArthurHawkins
Level 1
Level 1

‎03-22-2007 12:27 PM - edited ‎02-21-2020 02:56 PM

Ookay, hopefully somebody can take a few minutes to help me out here.

I have three sites that all have Pix501 running version 6.3 that I need to connect to each other using VPN Tunnels. Site 1 is my main office where my server is located and both Site 2 and 3 need access.

For logging purposes I do not want to use NAT, but pass the actual host IP's when transmitting back and forth across the tunnels.

I tried working off the instructions for a fully-meshed set up, but I can't get the tunnels to come up.

I am using cable modems (same at all three sites) for connectivity.

Anybody know of a link or site specific to how to's for newbie's?

I also have 3 1751 routers. 1 at each location that are currently controlling Point-to-Point partial T-1's that if I can come up with a quick fix can be used to solved the problem. I am actually replacing these T-1 connections with VPN tunnels to save costs.

They are running IOS version 12.2(13)T3.

Thanks!

Labels:
0 Helpful
4 Replies 4

kaachary
Cisco Employee
Cisco Employee

‎03-22-2007 04:22 PM

Please go through the following doc :

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800a2cce.shtml

*Please rate if it helped.

-Kanishka

0 Helpful

ArthurHawkins
Level 1
Level 1
In response to kaachary

‎03-23-2007 09:08 AM

Okay, I looked through the documentation for the fully-meshed configuration, the only snag that I am running in to with it so far is that it still does NAT for public.

This is the setup that I need..

. . . . . . . . . .INTERNET

. . . . . . . . . . . ^

. . . . . . . . . . . |

. . . . . . . . . CISCO 1751

. . . . . . . . . . . ^

. . . . . . . . . . . |

. . . .INTERNET <---PIX501--->INTERNET

. . . . . ^ . . .(MAIN OFFICE). .^

. . . . . | . . . . . . . . . . .|

. . . . PIX501. . . . . . . . .PIX501

. . . .(BRANCH1). . . . . . . (BRANCH2)

Kinda hard to draw it out here, but I think everyone can get what I am trying to do out of that diagram.

The 1751 router handles my main internet feed plus connectivity to a data processor. Each of the PIX501 boxes are connected to Cable Internet.

There is a 1751 at each of the branches connected to point-to-point partial t-1's right now, but we are trying to replace that solution with the PIX boxes and the cable internet to cut costs..

Any help would be appreciated! Thanks!

0 Helpful

acomiskey
Level 10
Level 10
In response to ArthurHawkins

‎03-23-2007 09:22 AM

Could you explain "it still does NAT for public."?

0 Helpful

ArthurHawkins
Level 1
Level 1
In response to acomiskey

‎03-23-2007 10:15 AM

Because of the connectivity requirements of my data processor, connections from the branch offices have to go through with their machine ip's.

So going out through the 1751 I need to make sure that branch2.x.x.x ip is still listed as the source ip and not a single NAT ip.

0 Helpful
Customers Also Viewed These Support Documents