I have 3 PIX 501 firewalls running PPPoE ADSL connections.
1 * Head Office
2 * Remote locations
We need to extend the configuration to include some VPN features:
Office
PAT (I think this is the term) - external inbound connections (e.g. ports
80, 443, 5060 etc.) - WORKING
Software VPNClient will connect to this point (users travelling need to
access the office network) - WORKING
Hardware VPN Host (Server) - NOT WORKING
Radius SERVER authentication for software VPN clients - WORKING
Provides primary internet connection for this location
Remote1
PAT (I think this is the term) - external inbound connections (e.g. ports
80, 443, 5060 etc.) - WORKING
Software VPNClient will connect to this point (users travelling need to
access the office network) - NOT WORKING
Hardware VPN will connect to Office - needs to be in NEM mode - both
sides should be able to see resources on both sides - NOT WORKING
Provides primary internet connection for this location - this means we
need split tunnel for the VPN connection???
How does DHCP work with a hardware VPN? Should we have a local DHCP
or does it get addresses from the HEAD OFFICE?
Remote2
Software VPNClient will connect to this point (I believe that users in
remote1 location would need to do this to access resources in this
location?) - NOT WORKING
Hardware VPN will connect to Office - needs to be in NEM mode - both
sides should be able to see resources on both sides
No external internet access required here
Is this possible? I have read a range of materials, much of which is
confusing for the inexperienced. Some of the items concerning me are:
PAT can't be done whilst the Hardware VPN is configured?
Software and Hardware VPN hosts (servers) can't coexist on same device
Remote1 can't route to Remote2 (in out not allowed rule on one interface???)
This relates to my DHCP question I think.
Where do I go to start to get a working config for this?
At the moment I have the PPPoE connection going OK and the inbound PAT stuff
working with software VPN authenticating against a separate RADIUS server.
Thanks
Stewart