08-22-2001 12:23 PM - edited 02-21-2020 11:24 AM
Hello,
I am currently running a VPN Concentrator 3005 in parallel with our PIX 520 Firewall. I would however like to increase security by having the "private" address be part of a DMZ on the PIX 520 and then translate that into an internal IP address pool.
Currently, I have an "outside" internet address and the "private" address goes directly into the internal IP address pool.
So, I guess the question is whether anyone has set up a VPN 3005 Concentrator with a "private" IP address into a PIX Firewall DMZ and then translated into the internal network IP address pool?
Thanks in advance,
Darle
08-28-2001 07:01 AM
The recommended setup is to run the concentrator in parallel with the Firewall, not off the Firewall's DMZ. With the right combination of Network Statics from the Inside to the Perimeter and conduits to the concentrator from the outside I would think it's doable. Has anyone tried this?
08-28-2001 10:27 AM
We are using a 3030; hopefully this will apply to you as well.
Due to concerns our security department had about running in parallel, we put the public interface into the DMZ (using NAT on Checkpoint FW). We also put the private interface into the DMZ in a separate subnet. Works great.
08-31-2001 12:53 PM
Can anyone point me to some documentation on how to do this exactly? I'm not finding anything. It doesn't help that I'm good with the concentrators and not so good with the PIX. TIA.
09-12-2001 09:45 AM
Hello,
I believe this sounds exactly like what I am after. Did you get your examples for setting this up from Cisco or on your own? I am uncertain about how to get the public DMZ interface translated into the internal address pool.
If you have any examples you could send my way or a URL that might be helpful, I would greatly appreciate it!
Thanks for responding to my question!
Darle Hoover