Cisco Support Community
New Member

PIX in front of or parallel to 3030 Concentrator

I am interested in the configuration of a PIX either in front of or parallel to a 3030 concentrator. I have several VPN tunnels coming into my 3030 and I have read that for greater security I can place a PIX either in front of or parallel to my 3030. Anyone have any experience with this? If so, what would the configuration be? An ACL to permit AH, ESP? Would I have to add routes in the PIX to route VPN subnets? I think I understand the concept - PIX performs firewalling and 3030 is for VPN traffic only. Just not sure how to configure the PIX. Any help much appreciated.

2 REPLIES
Gold

Re: PIX in front of or parallel to 3030 Concentrator

pix outside <--> internet

pix inside <--> private lan

vpn concentrator public <--> pix dmz

vpn concentrator private <--> private lan

the pix config related to the concentrator is as below:

static (dmz,outside) netmask 255.255.255.255

access-list inbound permit udp any host eq 500

access-list inbound permit udp any host eq 4500

access-list inbound permit esp any host

depends on whether remote https or "ipsec over tcp" has been configured:

access-list inbound permit tcp any host eq 443

access-list inbound permit tcp any host eq 10000

on the concentrator, a default gateway needs to be configured and it should be the pix dmz interface.
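
Added example, not part of the original reply: a Python check that compares the permits toward the concentrator in a saved PIX config with the list in the reply above and reports what is missing or extra. The address 192.0.2.10, the sample ACL, the port-name map and the name audit_acl are constructed for illustration; deny entries and entry order are not evaluated.

```python
import re

# Services the reply above permits to the concentrator's public address.
REQUIRED = {("udp", 500), ("udp", 4500), ("esp", None)}
# Needed only if remote HTTPS or "IPsec over TCP" is configured.
OPTIONAL = {("tcp", 443), ("tcp", 10000)}
PORT_NAMES = {"isakmp": 500, "https": 443}  # assumed: PIX prints names for these

ADDR = r"(?:any|host \S+|\d\S* \d\S*)"      # any | host A | network mask
ACE = re.compile(rf"^access-list \S+ permit (\S+) {ADDR} ({ADDR})(?: eq (\S+))?$")

# Constructed sample: one required entry missing, two entries too broad.
SAMPLE = """\
access-list inbound permit udp any host 192.0.2.10 eq isakmp
access-list inbound permit esp any host 192.0.2.10
access-list inbound permit tcp any host 192.0.2.10 eq 10000
access-list inbound permit tcp any host 192.0.2.10 eq 23
access-list inbound permit ip any any
access-list inbound permit tcp any host 192.0.2.25 eq 25
"""


def audit_acl(config, acl, concentrator):
    """Compare permits that can reach `concentrator` with the reply's list."""
    seen, unexpected = set(), []
    for raw in config.splitlines():
        tok = raw.split()
        if tok[:3] != ["access-list", acl, "permit"]:
            continue
        line = " ".join(tok)                 # normalise spacing before matching
        m = ACE.match(line)
        if not m:                            # "range", "gt", ...: review by hand
            unexpected.append(line)
            continue
        proto, dst, port = m.group(1), m.group(2).split(), m.group(3)
        if dst[0] == "host" and dst[1] != concentrator:
            continue                         # entry is for a different host
        if port is not None:
            port = PORT_NAMES.get(port, int(port) if port.isdigit() else port)
        svc = (proto, port)
        if dst == ["host", concentrator] and svc in REQUIRED | OPTIONAL:
            seen.add(svc)
        else:                                # extra service or "any"/subnet target
            unexpected.append(line)
    return {"missing": REQUIRED - seen,
            "optional_present": OPTIONAL & seen,
            "unexpected": unexpected}


if __name__ == "__main__":
    print(audit_acl(SAMPLE, "inbound", "192.0.2.10"))
```
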

New Member

Re: PIX in front of or parallel to 3030 Concentrator

Thanks for the information.
