
use of external interface on vpn3015

skiergaard
Level 1

can anyone point me to sample configs using all 3 interfaces?

i would like to use the external interface to provide vpn connectivity to a "pocket" network configured on one of the dmz interfaces of my pix 525 but can't seem to find any examples of using the external interface.

thx for any suggestions.

3 Replies

paqiu
Level 1

Hi,

There is no sample config on CCO for the VPN 3000 using the external interface.

Here is a quick tip:

1. Go to "Configuration | Interfaces | Ethernet 3" to configure the external interface:

Please check "public interface" and choose "public default" as the filter, then put in the IP address and subnet mask.

2. Because the external interface will not use the "default gateway", it should use the external interface's next-hop router to do the routing, so please go to "Configuration | System | IP Routing | Static Routes" and add a static route to make the routing go through the external link.

3. Go to "Configuration | System | Tunneling Protocols | IPSec LAN-to-LAN | Modify"

This is no different from configuring the LAN-to-LAN tunnel with the public interface. Please make sure to choose the "external" instead of the "public" interface.

That is it. Following the above steps, it should work fine.

Best Regards,

we are hosting a group of "outsiders" that are using us strictly for outbound connectivity.

what i wish to do is define a group/user on the 3015 that dumps outside users directly into this pocket network. i don't want to give them any more access in the firewall other than default route. (ie, a way out to internet)

can this be done this way? if this is more involved i will contact TAC but it seemed better to get my education here than consume the TAC's time.

Hi,

It can be done as you want.

Put those users into that group and assign a different IP pool address to them.

You might need to configure user-defined filters and apply them to that group to filter the traffic (deny all except traffic going out through the external interface).

http://www.cisco.com/warp/customer/471/filter.html

Best Regards,
