Allowing private network inbound

I've got a situation where I've got a Qwest PRN (Private VPN) network with several sites with addresses 192.168.0.1, 192.168.1.0 and 192.168.2.0. Currently we have a managed firewall solution provided by Qwest but need to replace this with a Cisco Pix for a couple of different reasons. Qwest can turn off NAT and open all ports on their firewall. My issue is that I've always dealt with Pix firewalls when the WAN is on the inside of the Pix. In this scenario, the two other locations will be on the outside of the Pix. How do I allow for this WAN traffic? Do I simply allow all ports for networks 192.168.1.0 and 192.168.2.0 in an access list on the Pix?

Thanks for any help, Max

Easynews

If you are using PIX 6.x, you have two choices:

(1) sysopt connection permit-ipsec

This will permit all ipsec traffic (that authenticated properly!) to access any inside host, with no access checking.

(2) configure your outside access list (and your inside one, if you have one) to explicitly permit the flows from 192.168.1.0 and 192.168.2.0 that you want to allow.

Walter Roberson
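Option (2) worked through as a PIX 6.x configuration fragment (an added example, not from the thread): it assumes the local site is 192.168.0.0/24 on the PIX inside interface, that the remote sites reach the PIX outside interface over the Qwest network with NAT turned off, and that the remote sites only need SMB and RDP to the local site (the service list is a placeholder for whatever the sites actually use).

```cisco
! Assumed addressing (not stated in the thread): local site 192.168.0.0/24 behind the
! PIX inside interface; remote sites 192.168.1.0/24 and 192.168.2.0/24 arrive on the
! outside interface via the Qwest private network, which no longer NATs that path.
! PIX 6.x access-list commands take subnet masks, not wildcard masks.

! 1. NAT exemption for site-to-site traffic. Without this the PIX would translate
!    inside replies (or drop inbound connections with no translation), so the remote
!    sites would never complete a session. nat 0 with an access-list permits
!    connections initiated from either side.
access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nonat

! 2. Inbound policy on the outside interface: permit only the flows the remote sites
!    need (assumed here: SMB file sharing on tcp/445 and RDP on tcp/3389) instead of
!    "permit ip any any", so a compromised host at a remote site cannot reach
!    arbitrary services at this one.
access-list outside_in permit tcp 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0 eq 445
access-list outside_in permit tcp 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0 eq 445
access-list outside_in permit tcp 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0 eq 3389
access-list outside_in permit tcp 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0 eq 3389

! 3. Explicit deny with logging (the log keyword on ACL entries needs PIX 6.3 or later)
!    so blocked attempts from the WAN show up in syslog rather than vanishing into the
!    implicit deny.
access-list outside_in deny ip any any log
access-group outside_in in interface outside
```

If the remote sites genuinely need every port, replace the per-service entries with a single permit ip line per remote subnet; the nat 0 exemption and the logged deny still apply.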
