Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN Design Issues

we are going to implement a VPN between two locations one at India and other at USA.we are going to use burstable T3 connection at US side and 2xE1 at India side.

i wanted to use 2621 at both sides.but E1 Interface at the router is a V.35

T3 Interface at the router is HSSI .and 260 router cannot support HSSI interface.so i cannot use it at US End.

we are planning to buy a 525 PIX.i m having 506 PIX already at India.can i use PIX tp PIX or PIX to Router (as i have 2600 at india)in this case.

My consern is where will T3 be terminating at US side in that case and how it will be conneting to PIX to form a VPN.

  • Other Security Subjects
4 REPLIES
Bronze

Re: VPN Design Issues

You will need a router with an interface to terminate the clear channel T3 (a 3660 comes to mind), as the PIX will not. Other than that you should just be able to specify your peer address at either end's serial address or at the US PIX firewall - to - E1 V.35.

Bronze

Re: VPN Design Issues

You may also want to consider a VPN encryption module for each router, depending on how many concurrent tunnels are needed.

New Member

Re: VPN Design Issues

hi.

i will be using jyst two tunnels..well is it possible that my T3 connections terminates to hssi port of my 7206.but my PIX handels the load of VPN.actually my 7206 handels the VOIP Traffic .and does compression/decompression of packets.i donot want this router to handel the extra load of VPN.so i will like to use PIX at US End with HSSI termination for actual physical connection and i can use 2600 at my India side.

can u tell me if its fesible..also just explain how i will have to approach this senario.

thx

Bronze

Re: VPN Design Issues

Your router supports the VAM (VPN Acceleration Module):

http://www.cisco.com/univercd/cc/td/doc/pcat/vam.htm

You could use that to handle your VPN/GRE processing, and that way you could keep the current infrastructure. To my knowledge, and this link, it appears that the PIX does not have a WAN interface:

http://cisco.com/univercd/cc/td/doc/pcat/fw.htm

So, you will need to terminate the T3 at the 7206, and then let the PIX terminate the IPSec traffic. Just specify the peer, in your VPN configuration, on the India side as the PIX interface's ethernet outside IP address on the US side, and vice versa. If you are doing NAT on the 7206 for the PIX, then specify the NAT'd IP that points to the PIX for your India peer to connect to. This document describes PIX to router config:

http://www.cisco.com/warp/public/110/39.html

Hope this helps.

89
Views
0
Helpful
4
Replies