VPN site to site (2 pix) and firewall behind one pix

dsaezpramer
Level 1

We're making this configuration:

Internal network 1 -- PIX 1 -- Internet -- PIX 2 -- Firewall -- Internal Network 2

We don't have problems configuring the VPN site to site, but the problem now is that we have to pass through the firewall in front of internal network 2.

What type of configuration could be used in that firewall? Maybe No-NAT packets from the internal network? Or change some configuration in the PIX device?

In a simple topology without firewall, we're using the "Simple PIX-to-PIX VPN tunnel configuration Example" from this article:

http://www.cisco.com/warp/public/110/38.html

The idea is to use the same configuration, but adding a firewall in one of the networks.

Can you give me some advice to make this configuration?

Thanks in advance.

Diego Saez

3 Replies

wasiimcisco
Level 1

You have to configure the static and the access-list on the firewall that is located in front of internal network 2. The static will cover the interesting traffic of internal network 2 and the access-list will allow the interesting traffic of internal network 1. You may also have to enable NAT-T on the internal network 2 firewall to pass the VPN traffic.

Use ASDM on the firewall located in front of internal network 2 and set the source of the interesting traffic to internal network 1 and the destination to internal network 2. You will get to know where your packet is actually dropping.

So, in your opinion, I don't have to change anything in the PIX 2 configuration? Does everything have to be done in firewall 2?

No, you have to change everything on the firewall located in front of network 2, not the main firewall where you have the VPN connected. Change everything on the firewall that sits behind the main firewall, in front of internal network 2.

The VPN is already established; just make sure you have a route inside towards the firewall in front of internal network 2.

First establish the VPN and then configure the network 2 firewall so that you can access internal network 2.
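To make the advice in this thread concrete, here is an added example (not configuration from the original posts or from the linked Cisco document) of what the inner firewall and PIX 2 would carry once the tunnel is up. It assumes PIX 6.x-style syntax on both boxes, since the thread does not name the inner firewall's model, and all addresses are constructed: internal network 1 is 10.1.1.0/24, internal network 2 is 10.2.2.0/24, and the transit segment between PIX 2 (192.168.2.1) and the inner firewall's outside interface (192.168.2.2) is 192.168.2.0/24.

```cisco
! ---- PIX 2 (VPN endpoint), addition to the PIX-to-PIX example ----
! Decrypted packets for internal network 2 must be forwarded to the inner
! firewall, so PIX 2 needs a route on its inside interface for that subnet.
! The crypto access-list on PIX 2 is assumed to already match
! 10.1.1.0/24 <-> 10.2.2.0/24, as in the Cisco example.
route inside 10.2.2.0 255.255.255.0 192.168.2.2 1

! ---- Inner firewall (in front of internal network 2), constructed config ----
! Hosts on both LANs must keep their real addresses end to end, otherwise the
! crypto access-lists on the two PIX units never see matching traffic.
! NAT exemption keeps LAN-to-LAN traffic untranslated.
access-list nonat permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list nonat

! Identity static, as the reply above describes: internal network 2 is
! reachable from the outside under its own addresses, without translation.
static (inside,outside) 10.2.2.0 10.2.2.0 netmask 255.255.255.0

! Permit only the remote LAN (internal network 1) toward internal network 2.
! The interface access-group denies everything else arriving on outside,
! so the inner firewall still filters traffic that has left the tunnel.
access-list outside_in permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-group outside_in in interface outside

! Replies and any outbound traffic go back to PIX 2, the tunnel endpoint.
route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
```

Two points worth keeping in mind when adapting this: the inner firewall never sees IPsec, only the cleartext packets PIX 2 has already decrypted, so the `sysopt connection permit-ipsec` line from the Cisco example applies to PIX 2 alone and the inner firewall needs the explicit interface access-list shown here; and narrowing `outside_in` to the specific hosts and ports internal network 1 actually needs is preferable to the whole-subnet permit used in this example.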
