Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
186
Views
0
Helpful
1
Replies

PIX to PIX VPN's on mutiple Interfaces

mark.ramsey
Level 1
Level 1

‎02-25-2003 07:13 PM - edited ‎02-21-2020 12:22 PM

Here's the gig,

We have a PIX 525, I have 10 remote PIX 501's. The 501's attach via the intenet to a T1 circuit attached to the PIX 525. Interesting traffic is encrypted and passed via VPN internally.

The problem is, I have now over provisioned my internet connection and wish to off load some (and the kicker is some not all) of the VPN clients to another circuit/port on the firewall. After much research I have come to a simple observation. When creating access lists which define my "interested" data I can only specify one Access-list via the "nat (inside) 0 access-list 100".

Please tell me it isn't so!!!!!!!!!!!!!!!!!! Ummm and if it is what would you rcommend (other than the obvious "move all the VPN's to the same interface")

Thank you for any assistance you would be willing to offer.

Mark

Labels:
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎02-25-2003 09:35 PM

If you terminate some of the tunnels on say, a dmz1 interface, you just do:

> nat (dmz1) access-list 101

and then have ACL 101 specify your interesting traffic for those VPN's.

Terminating tunnels on two different interfaces is no problem, you can see how it's done here:

http://www.cisco.com/warp/public/110/client-pixhub.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents