Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
248
Views
0
Helpful
2
Replies

Solution on vpn 3030 concentrator placement

arumugasamy
Level 1
Level 1

‎11-20-2006 09:40 AM

Dear Pros,

Project explanation:

Pair of pix firewall configured as failover.The outside of the pix pair connected to the internet gateway router 3825.Inside of the pix pair connected to the core switch ports configured with the vlan.The configuration as below

Outside : 192.168.102.0

Active pix out: 192.168.102.2

Sec.Pix out : 192.168.102.3

3825 Gieth : 192.168.102.1

Inside PIX : 192.168.101.0

Active pix in : 192.168.101.2

Sec.PIX IN : 192.168.101.3

Core SVI in : 192.168.101.1 (Gway for the vlan)

I connected the vpn in parallel to the pix firewall so the

vpn 3030 public is 192.168.102.140, Private is 192.168.101.4

Please help me to know the following

1.What is the default route on the vpn 3030

2.what are the static routes in the vpn 3030

3.If we have 10 inside networks in 172.16.0.0/24 then how to assign the static routes on the vpn 3030 to those networks

4.I have only one public IP configured for 3825 ADSL WAN port.How can i use that IP for vpn 3030 to give access to the vpn clients? (static nat?)

Please give me the solution details.

Thanks

swamy

Labels:
0 Helpful
2 Replies 2

a.kiprawih
Level 7
Level 7

‎11-21-2006 05:25 AM

Your limitation here is the single Public IP Address.

With you setup plan (and similar to others), a dedicated Public IP is a must for the VPN3K Public interface to make it work.

But looking at what you have right now (devices, connectivity and available Public IP), I am not sure if this is possible. A (static) NAT on the router still need dedicated Public IP.

HTH

AK

0 Helpful

arumugasamy
Level 1
Level 1
In response to a.kiprawih

‎11-25-2006 01:22 AM

Dear Kiprawih,

Thank you for your IPS solution.Here to configure the VPN 3030 woth cisco IPSEC client setup, I did the static nat on the router with its dialer0 wan interface public single IP address

#ip nat inside source static (VPN 3030 public ip) (dialer 0 public ip address)

Now i like you to tell me the above is correct and the config details in the vpn 3030 as i asked in my conversations.

I can ping the public vpn 3030 ip address using the dialer 0 wan public IP bacause the static nat is working fine.but i can not access the LAN using the ip sec vpn client.

I configured the vpn 3030 for both IPSEC and pptp client.

Please correct me where i did mistake in the configuration of the both router and vpn 3030.

Thanking you

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents