Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco pix 515-E version 6.3

can i make site to site VPN with pix firewall having single interface?

that single interface will have a private ip.

and my actual peer ip would be on my boundary router natting to my firewall interface ip.

i cant find any config guide for single interface cisco pix for making ipsec vpn.

any help?

1 REPLY
Cisco Employee

Re: Cisco pix 515-E version 6.3

You can not create VPN on a stick style configuration with PIX running 6.3. PIX 6.X does not support one arm routing.

BUT, if you are too desparate then there is a workaround of creating two VLAN interfaces out of your only physical interface and using the two vlan interfaces as you ingress and egress interfaces. The router in front of the PIX should support the sub interfaces from fastethernets or ethernets.

  e0.1 VLAN A ------------------------- fa0/0.1            fa0/1--------------------internet

pix--e0--+                                +       router +

  e0.2 VLAN B ------------------------- fa0/0.2            fa0/2------------- Private LAN

VLAN A outside and VLAN B Inside.

Look for configurations which tell you how to create VLANs on the PIX running 6.3

317
Views
0
Helpful
1
Replies
CreatePlease login to create content