Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
415
Views
0
Helpful
1
Replies

Cisco pix 515-E version 6.3

ahmad82pkn
Level 2
Level 2

‎11-24-2010 09:41 AM

can i make site to site VPN with pix firewall having single interface?

that single interface will have a private ip.

and my actual peer ip would be on my boundary router natting to my firewall interface ip.

i cant find any config guide for single interface cisco pix for making ipsec vpn.

any help?

Labels:
0 Helpful
1 Reply 1

Vikas Saxena
Cisco Employee
Cisco Employee

‎11-24-2010 09:55 AM

You can not create VPN on a stick style configuration with PIX running 6.3. PIX 6.X does not support one arm routing.

BUT, if you are too desparate then there is a workaround of creating two VLAN interfaces out of your only physical interface and using the two vlan interfaces as you ingress and egress interfaces. The router in front of the PIX should support the sub interfaces from fastethernets or ethernets.

  e0.1 VLAN A ------------------------- fa0/0.1            fa0/1--------------------internet

pix--e0--+                                +       router +

  e0.2 VLAN B ------------------------- fa0/0.2            fa0/2------------- Private LAN

VLAN A outside and VLAN B Inside.

Look for configurations which tell you how to create VLANs on the PIX running 6.3

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents