Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
235
Views
0
Helpful
1
Replies

Site-To-Site VPN Question

bmannella
Level 1
Level 1

‎08-08-2003 02:15 PM - edited ‎02-21-2020 12:42 PM

Hi i am setting up a site to site vpn for a customer of mine. There is 3 pc's at each site and a Win 2003 server at one of the sites. I also got DSL at both locations with static ip's.

My question is:

1)Can i use a pix 501 3DES Firewall at each site. And do the site to site with them?

2)Both locations need to be able to access the internet out of there DSL line. Is this possible with split tunneling. (plan on using IPsec)

3) Is there anything specail i need to know before attempting this.

I plan to use Nat behind each firewall.

If any other info is needed please let me know. Thanks

Labels:
0 Helpful
1 Reply 1

mostiguy
Level 6
Level 6

‎08-09-2003 09:50 AM

1. Yup.

2. Yes that is fine. not really split tunnelling.

3. re: the no in two:

You want to get familiar with nat 1 and nat 0.

you will be using:

nat 1 0 0 0 0

or something like it (you can be more selective with it such that you only nat the ip block they use, and not everything)- this nats everything.

and a statement like:

nat 0 access-list accesslistnamehere

this disables nat for the statements in the acl names accesslistnamehere

Each pix will have a pair of nat statments, the nat 1 will enable nat for everything, and nat 0 will selectively disable it. You will need to learn to get familiar with cisco access lists.

0 Helpful
Customers Also Viewed These Support Documents