VPN Setup
18 years 10 months ago #13530
by stoufabella
VPN Setup was created by stoufabella
Hi everybody
I've just found this forum, it's cool.
So I am facing a problem
I have my network, we use a pix to protect our Internet access, and another router to provide site to site vpn.
My problem is: I need to have the PIX as default gateway for the inside network, and the pix must reroute some internal packets (destination 172.16.0.0) to the router for vpn connectivity.
I have read that pix does not provide icmp redirect, and so does not reroute packets to the router. So how can I bypass this?
PIX
|
|
--corporate router
>vpn|
|
inside network
Rgds
Stouf
18 years 10 months ago #13534
by d_jabsd
Replied by d_jabsd on topic Re: VPN Setup
Which model of pix?
If it is a 506e or larger, I would set up an interface on the pix that connects to the corporate router. The pix does act, in some ways, as a router but it has 2 major limitations: it will not redirect traffic and it will not allow traffic to leave an interface that it entered on (sometimes referred to as 'hairpinning').
If you don't have enough physical interfaces, you may have to use vlans. The 506e allows for vlans with the latest release of PixOS (up to 4 total interfaces which allows 2 physical interfaces and 2 vlans). The 515e's and up have always allowed vlans unless you are running a really old version of PixOS.
internet
|
|
|
PIX
Corporate Router
VPN
|
|
|
Inside
The other option is to set a static route on all the systems that need access to the vpn. Just use the corporate router as the gateway for the vpn subnet and anything behind it.
It's not a real desirable option, as you will have to touch every workstation, but it will work if you don't have any other options.
18 years 10 months ago #13537
by stoufabella
Replied by stoufabella on topic Re: VPN Setup
Thx for the answer
Unfortunately it's a 501.
So I have deployed a GPO for running script with static route.
THX
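A sketch of the kind of startup script such a GPO could run, added here as an example and not taken from the thread. The netmask and the router's inside address are assumptions (the thread gives only the destination 172.16.0.0), so both are placeholders to replace.

```powershell
# Added example: GPO computer startup script that installs the VPN route
# on each workstation. Idempotent, so it is safe to run at every boot.

$VpnNet  = '172.16.0.0'     # destination named in the thread
$VpnMask = '255.255.0.0'    # ASSUMPTION: the thread does not state the mask
$Gateway = '192.0.2.1'      # PLACEHOLDER: inside address of the corporate router

function Test-VpnRoute {
    # "route print <destination>" limits the output to matching routes;
    # the route is correct only if a line names both the net and our gateway.
    $lines = & route.exe print $VpnNet 2>$null
    foreach ($line in $lines) {
        if ($line -match [regex]::Escape($VpnNet) -and
            $line -match [regex]::Escape($Gateway)) {
            return $true
        }
    }
    return $false
}

if (Test-VpnRoute) {
    Write-Output "Route to $VpnNet via $Gateway already present."
    exit 0
}

# Remove any stale route for the VPN net (for example one left behind with
# an old gateway), then add the persistent route (-p survives reboots).
& route.exe delete $VpnNet | Out-Null
& route.exe -p add $VpnNet mask $VpnMask $Gateway | Out-Null

# route.exe does not reliably signal failure through its exit code,
# so confirm the result by reading the table back.
if (Test-VpnRoute) {
    Write-Output "Added persistent route to $VpnNet via $Gateway."
    exit 0
}

Write-Error "Could not add route to $VpnNet via $Gateway."
exit 1
```

With this route in place, workstation traffic for the VPN subnet goes straight to the corporate router and never crosses the PIX, so any filtering of that traffic has to be done on the router.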