Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

use of external interfface on vpn3015

can anyone point me to sample configs using all 3 interfaces?

i would like to use the external interface to provide vpn connectivity to a "pocket" network configured on one of the dmz interfaces of my pix 525 but cant seem to find any examples of using the external interface.

thx for any suggestions.

  • Other Security Subjects
3 REPLIES
New Member

Re: use of external interfface on vpn3015

Hi,

There is no sample config in the CCO for VPN 3000 using external interface.

Here is a quick Tip:

1 "Configuration | Interfaces | Ethernet 3" to config the external interface:

Please check "public interface" and choose "public default" as the filter, put in ip address and subnet mask.

2 Because external interface will not use "default gateway", it should use the external interface next hop router to do the routing, so please go to

"Configuration | System | IP Routing | Static Routes" to put static route to make the routing through the external link.

3 "Configuration | System | Tunneling Protocols | IPSec LAN-to-LAN | Modify"

No difference with you configing the LAN to LAN tunnel with public. Please make sure to choose "external" instead of "public" interface.

That is it. Following above steps, it should be working fine.

Best Regards,

New Member

Re: use of external interfface on vpn3015

we are hosting a group of "outsiders" that are using us strictly for outbound connectivity.

what i wish to do is define a group/user on the 3015 that dumps outside users directly into this pocket network. i dont want to give them anymore access in the firewall other than default route. (ie, a way out to internet)

can this be done this way? if this is more involved i will contact TAC but it seemed better to get my education here then consume the tacs time.

New Member

Re: use of external interfface on vpn3015

Hi,

It can be done as you want.

Put those users into that group and assign different ip pool address to them.

you might need config user defined filters and apply to that group to filtering the traffic (deny all except going out through the external interface).,

http://www.cisco.com/warp/customer/471/filter.html

Best Regards,

89
Views
0
Helpful
3
Replies
This widget could not be displayed.