03-08-2004 09:44 AM - edited 02-21-2020 01:03 PM
I have a question... I'm pretty sure this isn't even possible, but I thought I'd get more opinions.
We need to do some routing on our WAN. Here is our current setup:
We have 3 locations. Each has a T1 coming into a router that is owned and operated by our ISP. The router is plugged into a PIX 515E and our LANs are behind the firewall. Publicly we have a /27 subnet for each location as well.
I have VPNs created between all 3 firewalls for WAN connectivity.
Now here is a similar scenario to what I need to do. At one location we have a webserver. There is an access list on the firewall at that location to allow tcp 80 access to it from any host on the outside. I also want to set up a public address at another location for this web server. Traffic would go to the remote firewall and then be routed over the VPN to the web server and back again. Is this possible?
As I said, this isn't the actual scenario. This one doesn't make much sense, but the routing problem is the same.
I'd appreciate anyone's insight.
Thanks.
03-08-2004 11:15 AM
How about giving the actual scenario using more generic terms and situations? What you seek can probably be accomplished, but it will probably require you to use an additional interface (even if only logical) on the firewalls to create a logical full mesh configuration.
Do you have a router behind the firewalls? Is your WAN really just a VPN over the Internet?
03-08-2004 02:10 PM
Actual scenario is this:
We have 2 T1s coming into one location (I'll call it location "one"). One goes to the Internet used for all Internet access and WAN (VPN) traffic. 2nd T1 is a private line going to our ASP (ERP system is outsourced). All ERP application traffic goes over this T1. Other two locations access ERP directly over the Internet (https).
For ERP reports to print automatically, they need to be sent directly to the printers. No problem in location "one". Print jobs are sent over the private line. Problem in the other two locations is print jobs would be sent in clear text over the Internet. We would like the print jobs to come over the private line to location "one" and then route the jobs to the printers in the other two locations.
Here's a bit more information on network setup:
Location "one" has a router for each T1 coming in (both ISP property). The two routers and the firewall's outside interface plug into a switch. ASP traffic is routed on the firewall using a ROUTE command.
We have no routers on the inside of the firewall. Just one subnet per location. Small networks.