We have a vendor who wants to set up a VPN 3005 to our network, and I have never had the opportunity to set up a VPN. They request we plug directly into our LAN and to trust them. I do not feel comfortable with this plan. We have a PIX 510 Ver 5.1(2) and we NAT our private network to a class C public address. We do not restrict outbound traffic and only currently have two statics to permit inbound communications from the Internet. All the Cisco research I have found does not show the configuration I thought would work best. Is it possible to use a hub off of the DMZ card of the PIX and to have both the private and public Ethernet ports of the 3005 plugged into the hub? This would keep the public and private ports protected and it would work through the PIX. Is this possible and what would I need to configure on the PIX to make it work?
VPN really depends on your topology. First of all, what are you going to protect using the VPN connection? Your private LAN to what?
You can put the public interface of the concentrator behind the DMZ interface of the PIX firewall, but you have to connect the private interface of the concentrator towards the subnet which you want to protect using IPSec. Also, the private and public interfaces on the concentrators need to be in unique subnets.
We are a company with a WAN consisting of (5) main sites, and each site has (1) to (5) remote sites. The core routers are all connected with redundant links. All of those facilities access the Internet through our corporate Internet connection. It is my responsibility to protect the corporate local LAN and all of the other facilities against improper access. Only (1) of the sites will need to access the VPN. Their communications will have to go through two routers and the PIX box to reach the DMZ and then out to the Internet to establish the IPSec tunnel.
I understand about the public interface, but if my network is 10.0.0.0 /8, can't the public be 10.1.1.1 and the private be 10.2.1.1 and still plug into the hub? The data that would be going over the IPSec tunnel would be private data.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...