Re: VPN configuration PIX or Router

edw · ‎07-10-2006

Hi,

I have a network with a 3660 on the perimeter and a PIX520 before my inside network. I want to allow external workers access to our network through VPN. I have read some documents and wanted to know - which is better to use a 3660 router or a PIX to establish the VPN tunnel ??

If PIX - do I have to produce a static IP for the outside interface which everyone can see ?

Reason for that question is that my traffic is NAT from the firewall to the 3660 and then NAT again to the outside ip range. so the pix outside card is a private address range at present.

Thanks for any help or thoughts on this

Ed

sachinverma · ‎07-10-2006

Hi Ed,

I would recommend you to use PIX for vpn termination over 3660.And you need static public IP address for the outside interface.Incase you don't want to change your network NAT structure then you can use encryption card on 3660 to enhance its encryption and tunneling performance.

cheers

Sachin

edw · ‎07-11-2006

Hi,

Thanks for this - I'm looking into the module. I presume I would use the 3660 if I used the card rather than the PIX or would the card just pass trafic to the pix and the pix still etablish the tunnel ?

Could I use a static NAT on the 3660 for the PIX card ? Isnt this a security problem or should I say a bit more open if the PIX interface cards have public ips ?

Thanks

Ed