TOPIC: VPN Setup

VPN Setup 10 years 9 months ago #13530

Hi everybody

I've just found this forum, it's cool.
So I am facing a problem

I have my network, we use a pix to protect our Internet access, and another router to provide site to site vpn.
My problem is: I need to have the PIX as default gateway for the inside network, and the pix must reroute some internal packets (destination 172.16.0.0) to the router for vpn connectivity.

I have read that pix does not provide icmp redirect, and so does not reroute packet to the router. So how can I bypass this?

PIX
|
|
--corporate router
>vpn|
|
inside network

Rgds
Stouf

Re: VPN Setup 10 years 9 months ago #13534

  • d_jabsd
Which model of pix?

If it is a 506e or larger, I would set up an interface on the pix that connects to the corporate router. The pix does act, in some ways, as a router but it has 2 major limitations: it will not redirect traffic and it will not allow traffic to leave an interface that it entered on (sometimes referred to as 'hairpinning').

If you don't have enough physical interfaces, you may have to use vlans. The 506e allows for vlans with the latest release of PixOS (up to 4 total interfaces which allows 2 physical interfaces and 2 vlans). The 515e's and up have always allowed vlans unless you are running a really old version of PixOS.

internet
|
|
|
PIX
Corporate Router
VPN
|
|
|
Inside


The other option is to set a static route on all the systems that need access to the vpn. Just use the corporate router as the gateway for the vpn subnet and anything behind it.

It's not a real desirable option, as you will have to touch every workstation, but it will work if you don't have any other options.

Re: VPN Setup 10 years 9 months ago #13537

Thx for the answer
Unfortunately it's a 501.
So I have deployed a GPO for running a script with a static route.

THX
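
The static-route workaround discussed in this thread, as an added example that is not part of any original post: a PowerShell startup script of the kind a GPO can run on each workstation. The /16 prefix length and the router address 192.168.1.254 are assumptions; the thread gives only the destination 172.16.0.0.

```powershell
# Added example: idempotent startup script for the static-route workaround.
# Assumed values (not from the thread): the /16 prefix length and the router address.
$VpnPrefix = '172.16.0.0/16'    # thread gives 172.16.0.0 only; /16 is assumed
$RouterIp  = '192.168.1.254'    # placeholder for the corporate router's inside address

# Find how this host reaches the router. Find-NetRoute returns the source
# address object and the matching route; only the route has a NextHop.
$path = Find-NetRoute -RemoteIPAddress $RouterIp -ErrorAction Stop
$via  = $path | Where-Object { $_.NextHop } | Select-Object -First 1

# The router must be on a directly connected subnet (on-link next hop 0.0.0.0).
# If it is only reachable through the default gateway, the packet would go to
# the PIX first, which is exactly the path that does not work here.
if ($via.NextHop -ne '0.0.0.0') {
    Write-Error "Router $RouterIp is not on-link; no route added."
    exit 1
}

# Look at what is already configured for the VPN prefix.
$existing = Get-NetRoute -DestinationPrefix $VpnPrefix -AddressFamily IPv4 `
                         -ErrorAction SilentlyContinue

# Drop stale entries for the prefix that point at a different next hop,
# so a changed router address does not leave two competing routes behind.
$existing | Where-Object { $_.NextHop -ne $RouterIp } |
    Remove-NetRoute -Confirm:$false

# The script runs at every startup, so add the route only when it is missing.
if (-not ($existing | Where-Object { $_.NextHop -eq $RouterIp })) {
    New-NetRoute -DestinationPrefix $VpnPrefix -NextHop $RouterIp `
                 -InterfaceIndex $via.InterfaceIndex | Out-Null
}

# Show the resulting route so the startup-script log records what is in effect.
Get-NetRoute -DestinationPrefix $VpnPrefix -AddressFamily IPv4 |
    Format-Table DestinationPrefix, NextHop, InterfaceAlias, RouteMetric
```

With this in place only traffic for the VPN prefix goes to the corporate router; everything else still follows the default gateway (the PIX) and its policy.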