site-to-site VPN and PIX

vaba · ‎07-04-2007

This Is my network

HTTP SERVER -10.10.X.X:8080

|

PIX FIREWALL

|

192.168.100.X/24

|

1811-ROUTER1

Permit ip 10.10.x.x 0.0.0.255 192.168.200.x 0.0.0.255

|

IPSEC 192.168.150.X

|

1811-ROUTER2

Permit ip 192.168.200.x 0.0.0.255 10.10.x.x 0.0.0.255

|

192.168.200.X/24

Which ports I need to open on PIX for access to HTTP server 10.10.x.x:8080, onli for port 8080 from 192.168.200.X/24. When I open on PIX only port TCP 8080 on PC in 192.168.200.x/24 I receiving http error 404, but I have ping from 192.168.200.x to 10.10.x.x.

When I open on PIX ALL TCP ports its OK and I access my http server without error.

I think is for MTU on IPSEC tunnel, but I can?t understand, how configured router1 and router2.

can you help me?

jaffer_sathik2010 · ‎07-04-2007

Hi,

Here are my suggestions:

On PIX, open the following ports:

----------------------------------

80 -Http (try this instead of 8080)

udp 500 - ISAKMP

IP 50 - ESP

IP 51 - AH

Note: Here,I am assuming that you have not configured port redirection on PIX.

And finally,this is not related to MTU issue.

Thanks,

Jaffer

vaba · ‎07-07-2007

My PIX i behind a VPN tunnel(VPN tunnel terminate on out interface on two routers) - is this resolve will work in this case

johnd2310 · ‎07-10-2007

hi,

What version of pix are you running? Post Pix access-list and Pix nat config.

Thanks

John

**Please rate posts you find helpful**