Hi. I'm planning to set up a network which will look like this:
Internet -> Router (1760) -> Pix (501) -> Intranet
As there is VPN built in to both the router and the PIX, how should I go about configuring my VPN setup to allow remote clients to connect to the intranet resources?
I can currently think of the following solutions:
- Client connects and authenticates with the router, which will then allow the authenticated client access to the intranet resources. Is this possible? How should I configure the PIX to allow this type of traffic in?
- Client connects to the PIX VPN for authentication. The router will do a NAT on the outside interface and route the incoming VPN request to the PIX.
- Use a Windows 2000 VPN server located inside the intranet. Which ports do I need to open on the router's firewall and the PIX? Do I need to do a NAT to translate the public IP to the private IP of the Windows VPN server? Will it look something like:
Access-list <number or Name> permit tcp <source IP or ANY> <destination IP or ANY> eq 1723
Access-list <number or Name> permit gre <source IP or ANY> <destination IP or ANY>
Are these solutions feasible, or can the experts here recommend better solutions to me?
Thanks very much, your help will be very much appreciated!
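As an added example (not from the original post), the third option sketched above could look like this on the two boxes. It assumes placeholder addresses: the Windows VPN server is 192.168.1.10 on the intranet, the PIX outside segment is 10.1.1.0/24 with 10.1.1.10 reserved as the server's translated address, 203.0.113.10 is a spare public address on the router, interface names are placeholders, and the PIX runs 6.x syntax.

```cisco
! ===== Router (1760, IOS) =====
! Static NAT: public 203.0.113.10 <-> 10.1.1.10 (the address the PIX will present)
ip nat inside source static 10.1.1.10 203.0.113.10
!
! Inbound ACL on the Internet interface is evaluated BEFORE NAT, so it names the public address.
! Only the PPTP control channel (TCP 1723) and the GRE tunnel (IP protocol 47) are permitted;
! everything else to that host is dropped by the implicit deny at the end of the list.
access-list 101 remark PPTP control channel and GRE tunnel to the VPN server
access-list 101 permit tcp any host 203.0.113.10 eq 1723
access-list 101 permit gre any host 203.0.113.10
! (rules for the rest of your inbound traffic go here)
!
interface FastEthernet0/0
 description Internet (placeholder interface name)
 ip nat outside
 ip access-group 101 in
!
interface FastEthernet0/1
 description Link to PIX outside (placeholder interface name)
 ip nat inside

! ===== PIX 501 (6.x syntax) =====
! The PIX sees the router's translated address 10.1.1.10, not the public one,
! so its static and its access-list reference 10.1.1.10.
static (inside,outside) 10.1.1.10 192.168.1.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 10.1.1.10 eq 1723
access-list outside_in permit gre any host 10.1.1.10
access-group outside_in in interface outside
! PPTP inspection (available from 6.3); with a one-to-one static it is optional, but it is
! what lets the PIX track the GRE session that belongs to each PPTP control connection.
fixup protocol pptp 1723
```

Both lists are deliberately limited to TCP 1723 plus GRE; if the server also needs to be reached for anything else (for example remote administration), that has to be a separate, explicit entry on both devices.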
My suggestion would be to let the PIX be the VPN peer. If you terminate VPNs on the router, you're going to have to put holes in your PIX to allow access to intranet resources (MS browsing, HTTP, etc.). I'm not a big fan of MS VPNs, but that's just my personal opinion.
Couple of questions...
1. How many remote users are going to be connecting? (I believe the 501 will allow 10 VPN connections.)
2. Are you having IPs routed down to you from your ISP? (Just curious, because you mentioned that you're going to be NATing on the router.)