Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Remote access VPN & NAT issue on PIX 515E

2 Pix 515E are connected in failover mode. Inside zone connects to LAN Segment & outside zone connects Internet Router via public IP given by ISP.. Now our requirement; Remote access VPN configuration for Remote users & to provide Internet connectivity to inside zone users through a single outside interface All users will should accessible by proxy to access Internet. Now I'm planning to keep Proxy in inside zone & do Static NAT of Proxy IP to a Public IP. Pls put your better suggestion.

1 REPLY
Gold

Re: Remote access VPN & NAT issue on PIX 515E

failover should be transparent to users.

when configuring failover, 2 ip address for each interface is needed.

e.g.

ip address outside 1.1.1.1 255.255.255.248

ip address inside 192.168.1.1 255.255.254.0

ip address DMZ 192.168.2.1 255.255.255.224

ip address state 192.168.3.1 255.255.255.0

failover ip address outside 1.1.1.2

failover ip address inside 192.168.1.2

failover ip address DMZ 192.168.2.2

failover ip address state 192.168.3.2

nonetheless, when the standby unit takes over and starts acting as the active unit (should only occur when the primary unit fails), it will apply the primary ip addresses. in other words, the gateway stays the same for users.

e.g.

192.168.1.1 as the pix inside interface ip, and whichever the unit is active, it will use this as the ip address.

114
Views
0
Helpful
1
Replies
CreatePlease login to create content