VPN device behind PIX

Shea Lambert
Level 1

I have a Cisco 1700 router hanging off an ethernet port on my PIX. The router needs to be able to create a VPN through the PIX and, yes, it has to go through the 1700. If I have the device connected directly to port ethernet 5, what commands do I need to use to allow the VPN to go through the PIX?

Thanks,

1 Reply

bigchoice75
Level 1

You will first need a static NAT for the VPN device, then you will need to add an ACL:

access-list VPN-IN permit ah any host x.x.x.x

access-list VPN-IN permit esp any host x.x.x.x

access-list VPN-IN permit udp any host x.x.x.x eq isakmp

The 'host x.x.x.x' should be the global (NATed) address of the Cisco 1700.

Assuming you are terminating with another VPN device on the internet you would want to apply the ACL to the outside interface.

If this is for a site-to-site VPN, you can replace the keyword 'any' in the ACL with 'host x.x.x.x', where x.x.x.x is the other VPN device. If this is for a remote-access VPN, leave the 'any' keyword, as you would not know the IP of the clients connecting.
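Putting the reply's three pieces together (static NAT, ACL, and binding the ACL to the outside interface) as one complete PIX 6.x fragment. This is an added example, not configuration from the original post or from Cisco; every interface name and address in it is assumed: ethernet5 is given the name dmz, the 1700 sits on it as 192.168.5.2, its global address is 203.0.113.10, and the site-to-site peer used in the commented variant is 198.51.100.20. It also adds one line the reply does not mention, UDP 4500 for NAT-Traversal, because a peer that detects the NAT in the path may switch IKE and ESP to that port.

```cisco
! Added example (not from the original thread). All names and addresses below
! are assumptions chosen for illustration.

! Give the PIX interface the 1700 hangs off a name and security level.
nameif ethernet5 dmz security50
ip address dmz 192.168.5.1 255.255.255.0

! One-to-one static NAT: the 1700 (192.168.5.2) always appears on the
! outside as 203.0.113.10. A one-to-one static (not PAT) is needed because
! ESP and AH carry no port numbers for a port translation to work with.
static (dmz,outside) 203.0.113.10 192.168.5.2 netmask 255.255.255.255

! Inbound IPsec to the global address: AH, ESP, IKE (UDP 500, keyword isakmp)
! and NAT-Traversal (UDP 4500). 'any' suits remote-access clients whose
! addresses are not known in advance.
access-list VPN-IN permit ah any host 203.0.113.10
access-list VPN-IN permit esp any host 203.0.113.10
access-list VPN-IN permit udp any host 203.0.113.10 eq isakmp
access-list VPN-IN permit udp any host 203.0.113.10 eq 4500

! Site-to-site variant: use these lines instead of the 'any' lines above so
! that only the known peer (assumed 198.51.100.20) can reach the 1700.
! access-list VPN-IN permit ah host 198.51.100.20 host 203.0.113.10
! access-list VPN-IN permit esp host 198.51.100.20 host 203.0.113.10
! access-list VPN-IN permit udp host 198.51.100.20 host 203.0.113.10 eq isakmp
! access-list VPN-IN permit udp host 198.51.100.20 host 203.0.113.10 eq 4500

! Apply the ACL inbound on the outside interface (an access-list does nothing
! until an access-group binds it).
access-group VPN-IN in interface outside
```

To confirm it is working, bring the tunnel up from the 1700 and check 'show xlate' for the 192.168.5.2 to 203.0.113.10 translation and 'show access-list VPN-IN' for non-zero hit counts on the isakmp and esp lines; a hit on the isakmp line but none on esp usually means the peer moved to NAT-T, which is why the UDP 4500 entry is included.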