Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
403
Views
0
Helpful
2
Replies

VPN Concentrator Location

jgarcia22
Level 1
Level 1

‎11-15-2001 10:01 AM - edited ‎02-21-2020 11:29 AM

I'm implementing a VPN 3005 and I have a pix. Where would I place the VPN 3005 in regards to the PIX? VPN 3005: external int public and internal int private? external int to pix dmz and internal to private ? or both to dmz ports on the pix? Any suggestions is appreciated. Thanks.

Labels:
0 Helpful
2 Replies 2

mike
Level 1
Level 1

‎11-15-2001 10:26 AM

I generally place the 3005 in parallel with the firewall. External int of 3005 on same network as external interface of firewall. Internet int on same network as internet int of firewall.

This allows you to operate the VPN even in the event of a PIX failure. For the more paranoid, placing the 3005 on a DMZ interface off the PIX is nice, as long as you have a routable subnet there...

It's really a metter of preference I'd say. If you place the 3005 in parallel, you can do some hardening on the internet router via an access-list to help protect the 3005 from port scans and eventual attacks.

hope this helps!

mike kantowski

ccnp

0 Helpful

travis-dennis_2
Level 7
Level 7
In response to mike

‎11-15-2001 02:49 PM

Just a note of agreement. Parallel is the way to go. I ave been running that for about 6 months with no major problems although I am graduating to the 515r from a 506 and will place the 506 in front of the concentrator now.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents