Cisco Support Community
New Member

Pix 515e (6.3) - Client vpn to interface other than inside?

(assume a 515e running 6.3 with a 4 port ethernet expansion card)

Greetings,

I've done numerous vpn setups for pixes, but never have I had to make a vpn terminate anywhere but the inside interface. Is it possible to have the VPN terminate to one of the other 4 interfaces on the expansion card? I need to set up vpns to the different networks, but cannot route between them.

3 REPLIES

Re: Pix 515e (6.3) - Client vpn to interface other than inside?

YES, you can use the interface of your choice; usually it is the outside interface that is used for the VPN termination.

config changes in:

1.) crypto map REMOTE interface outside

2.) access-list of the interface

3.) NAT exemption - access-list NONAT

4.) isakmp enable outside

sincerely

Patrick

New Member

Re: Pix 515e (6.3) - Client vpn to interface other than inside?

I think you misunderstand my question.

See the attached jpg.

Client pc is on the internet. Pix outside interface (e0) is on the internet.

I want to create a client vpn to Network A (e2), NOT to the Inside network.

Bronze

Re: Pix 515e (6.3) - Client vpn to interface other than inside?

Hi Sir,

You should be able to do it if you have the following configured correctly:

1- Access-list ID (of course you will create a fake pool - this is the normal way of doing it on a pix)

2- Nat (networka) 0 access-list ID

Once you get an ip from the pool, try to ping the inside interface of the PIX, but don't forget to include the command: management-access networkA

Thanks and regards,
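
The steps from the replies above, put together as one PIX 6.3 configuration sketch. This is an added example, not a configuration posted by anyone in the thread. The crypto map name REMOTE and the interface name networkA come from the replies; the addresses, security level, ACL, pool, transform-set and group names are constructed assumptions, and the group password is a placeholder.

```cisco
: Assumed interface naming for the expansion-card port (constructed values)
nameif ethernet2 networkA security50
ip address networkA 192.168.2.1 255.255.255.0

: Address pool handed to VPN clients (the "fake pool" from the reply)
ip local pool VPNPOOL 10.99.99.1-10.99.99.50

: NAT exemption only between Network A and the client pool
access-list NONAT-NETA permit ip 192.168.2.0 255.255.255.0 10.99.99.0 255.255.255.0
nat (networkA) 0 access-list NONAT-NETA

: Clients tunnel only Network A traffic; no other internal network is listed
access-list SPLIT-NETA permit ip 192.168.2.0 255.255.255.0 10.99.99.0 255.255.255.0

: Let decrypted IPsec traffic bypass the interface access-lists
sysopt connection permit-ipsec

: Phase 2: dynamic crypto map, still bound to the outside interface
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map DYNMAP 10 set transform-set ESP-3DES-SHA
crypto map REMOTE 10 ipsec-isakmp dynamic DYNMAP
crypto map REMOTE interface outside

: Phase 1: ISAKMP on the outside interface
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: Client group tied to the pool and the Network A split-tunnel list
vpngroup NETA-USERS address-pool VPNPOOL
vpngroup NETA-USERS split-tunnel SPLIT-NETA
vpngroup NETA-USERS idle-time 1800
vpngroup NETA-USERS password <GROUP-PASSWORD-PLACEHOLDER>

: Allow ping/management of the networkA interface through the tunnel
management-access networkA
```

The tunnel still terminates on outside; what reaches Network A is decided by the pool, the `nat (networkA) 0` exemption and the split-tunnel list. After a client connects, `show crypto isakmp sa` and `show crypto ipsec sa` show whether both phases came up and which networks were negotiated.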
