Router or PIX VPN prob

mike.f · ‎04-01-2003

We have a network with two sites each with a w2k domain (one a child domain of the other) to they are trusting and have dynamic copies of each others DNS/WINS, this has been working fine with an ISDN connection with both networks browsable to each other. We are now installing ADSL links a dedicated one to the remote site and one for internet browsing and remote access.We have a perimeter router were the ADSL terminates and a PIX in between the router and the local network. AS the router supports 3DES and the PIX (restricted) doesn't i was going to put the VPN tunnel between the two sites terminating on the router taking advantage of the 3des encryption. However i have a problem, the pix uses nat , so i can't route to the local network i have to route to the pix global ip range, the dns/wins info at the remote end has the local ip range for the p.c's/servers so it trys to send info to the local ip range and fails. Is there any way round this (it seems a waste not to use the router as it has a vpn accelerater card as well) , or will i have to set up DES vpn links terminating on the PIX from the remote site and remote users.

sharka · ‎04-05-2003

How about putting a network between the router and pix. Use static NAT'ing to move the IP's through the PIX? I will be needing to do this soon and have been triing to figue it out. YOu may also be able to extent the tunnel from the router to the PIX. And tell the PIX nonat on the ipsec packets?

Good luck,

Phil Muller