Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX firewall and VPN

Suppose I have a remote firewall (pix), to which a web and a database servers are connected. Now I want to connect to this firewall via the internet by using the VPN technology.

In my office (located remotely) my PC, along 15 other PCs, are connected to a Cisco 877 router which dynamically assign the IP addresses to each of the PC on the LAN via DHCP (ADSL connection).

I'll install the Client VPN on my PC. For this (LAN) architecture, can I "build up" a VPN channel from my PC to the firewall to access the web and database servers?

If so, can I only make my PC has the access to the VPN channel, while deny the rest of PCs in my office (I do not want the rest to access the VPN)?

Many thanks.


New Member

Re: PIX firewall and VPN

YEs you can do all of that. I suggest you statically address your own pc, and take that ip out of the DHCP pool to avoid conflicts, then your vpn tunnel will be to allow only access from your pc.

New Member

Re: PIX firewall and VPN

Thanks to respond. The problem is that I can not assign a statically address to my PC. Why? Because I am using the ADSL service from ISP company. The IP I got is a dynamic one. If I want my PC to be static IP, I have to have the whole office's PC to go static (IP). In that case, I'll have to upgrade to a more expensive service.

With the service plan I am now having, it is relatively cheaper because the IP is dynamic. Now I just wonder if the Cisco's client VPN software will resolve this issue, i.e., even if my PC is DHCP assigned IP, Iwould still be able to build up a channel with the remote servers?


New Member

Re: PIX firewall and VPN


When you install the VPN Client on your PC, its the PC who connects to PIX firewall and what ever IP address you have on the internal LAN it will work as long as your IP address is 1:1 NATed on your router.

If you want a site to site VPN between router & PIX, you don't need a VPN client installed. You can configured the VPN with the whole subnet or host to host only. I'm sure you can exempt the Ip address on your router or reserve it based on the MAC address.


New Member

Re: PIX firewall and VPN

I therefore recommend using the vpn client, if you cannot statically assign your host. This will work.

CreatePlease to create content