Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX 501 to PIX 501 VPN

I have 3 PIX 501 firewalls running PPOE ADSL connections.

1 * Head Office

2 * Remote locations

We need to extend the configuration to include some VPN features:

Office

PAT (I think this is the term) - external inbound connections (eg port

80 443 5060 etc) - WORKING

Software VPNClient will connect to this point (users travelling need to

access the office network) - WORKING

Hardware VPN Host (Server) - NOT WORKING

Radius SERVER authentication for software VPN clients - WORKING

Provides primary internet connection for this location

Remote1

PAT (I think this is the term) - external inbound connections (eg port

80 443 5060 etc) - WORKING

Software VPNClient will connect to this point (users travelling need to

access the office network) - NOT WORKING

Hardware VPN will connect to Office - needs to be in NEM mode - both

sides should be able to see resources on both sides - NOT WORKING

Provides primary internet connection for this location - this means we

need split tunnel for the VPN connection???

How does DHCP work with with a hardware VPN, should we have a local DHCP

or does it get addresses from the HEAD OFFICE?

Remote2

Software VPNClient will connect to this point (I believe that users in

remote1 location would need to do this to access resources in this

location?) - NOT WORKING

Hardware VPN will connect to Office - needs to be in NEM mode - both

sides should be able to see resources on both sides

No external internet access required here

Is this possible? I have read a range of materials much of which is

confusing for the inexperienced. Some of the items concerning me are

PAT cant be done whilst the Hardware vpn is configured?

Software and Hardware VPN hosts (servers) cant coexist on same device

Remote1 cant route to Remote2 (in out not allowed rule on one interface???)

This relates to my DHCP question I think.

Where do I go to start to get a working config for this?

At the moment I have PPOE connection going ok and the inbound PAT stuff

working with software VPN authenticating against a separate RADIUS server.

Thanks

Stewart

1 REPLY
Gold

Re: PIX 501 to PIX 501 VPN

103
Views
0
Helpful
1
Replies