Firewall Wizards mailing list archives
Re: PIX to PIX VPN from within a private network.
From: Greg <greg () fqdn com>
Date: Tue, 14 Mar 2006 17:13:38 -0500
Thanks Ralph and John,I suspected that was what would need to be done, have the 827 act as a bridge. fyi. i'm not using NAT on any of the devices at home, the ISP assigned me a block of IPs which sit on the inside of the PIX with the 827's external interface numbered with the gateway IP to this network. thanks again folks, I'm sure this information saved me a few hours this weekend.
greg John Adams wrote:
I don't know of any way to make this work without some changes to your network. IPSec will have problems creating security associations between the two networks, as the endpoint will be the Internet routable IP and not the PIX. I assume you are doing some sort of network address translation on your home router.Or, is it case of you not being able to do that because the Cisco 827 is providing both the DSL connection and NAT ?If I were you I'd reconfigure the Cisco 827 to act as a DSL Bridge instead of a DSL router, and move the NAT to the PIX. Your VPN will work then.Another option is to install the Cisco VPN client on the PC at home, and use that client to connect through your existing network to the PIX, but that might not be what you're looking for as it would only provide VPN to one host.Also keep in mind that all of the other routers in your companies network will need to know how to get to your subnet if you are joining the two networks through the PIX (else, you won't be able to route to them.)-j On Mon, 13 Mar 2006, Greg wrote:Hello, I have a PIX at home and would like to connect via site to site VPN to the PIX at work which I also maintain.The problem I think I may run into is I have a private network between the internet router and my internal home PIX. The segment between the internet router and the internal PIX is 10.0.0.0/24, the outside interface of the PIX is numbered 10.0.0.1.
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- PIX to PIX VPN from within a private network. Greg (Mar 14)
- Re: PIX to PIX VPN from within a private network. John Adams (Mar 14)
- Re: PIX to PIX VPN from within a private network. Greg (Mar 15)
- Re: PIX to PIX VPN from within a private network. Patrick M. Hausen (Mar 15)
- Re: PIX to PIX VPN from within a private network. Greg (Mar 17)
- <Possible follow-ups>
- RE: PIX to PIX VPN from within a private network. Utz, Ralph (Mar 14)
- Re: PIX to PIX VPN from within a private network. John Adams (Mar 14)