Allowing private network inbound

I've got a situation where I've got a Qwest PRN (Private VPN) network with several sites with addresses, and Currently we have a managed firewall solution provided by Qwest but need to replace this with a Cisco Pix for a couple of different reasons. Qwest can turn off NAT and open all ports on their firewall. My issue is that I've always dealt with Pix firewalls when the WAN is on the inside of the Pix. In this scenario, the two other locations will be on the outside of the Pix. How do I allow for this WAN traffic? Do I simply allow all ports for network and in an access list on the Pix?

Thanks for any help, Max


If you are using PIX 6.x, you have two choices:

(1) sysopt connection permit-ipsec

This will permit all IPsec traffic (that authenticated properly!) to access any inside host, with no access checking.

(2) configure your outside access list (and your inside one, if you have one) to explicitly permit the flows from and that you want to allow.

Walter Roberson
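
Option (2) from the reply above, sketched as PIX 6.x configuration; this is an added example and not part of the original posts. The ACL names `outside_in` and `no_nat` and every address are placeholders (the thread does not show the real networks), and it assumes the PIX passes the site addresses untranslated.

```cisco
: Placeholder networks (RFC 5737 documentation ranges), not the poster's real ones:
:   local LAN behind the PIX inside interface : 192.0.2.0/24
:   remote site A on the private WAN          : 198.51.100.0/24
:   remote site B on the private WAN          : 203.0.113.0/24

: Weak form of "allow all ports": any outside source reaches any inside host.
: Shown commented out for comparison only.
: access-list outside_in permit ip any any

: Narrower form: only the two remote site networks, only towards the local LAN.
access-list outside_in permit ip 198.51.100.0 255.255.255.0 192.0.2.0 255.255.255.0
access-list outside_in permit ip 203.0.113.0 255.255.255.0 192.0.2.0 255.255.255.0

: Narrower still: replace "ip" with the services the sites actually use, e.g.
: access-list outside_in permit tcp 198.51.100.0 255.255.255.0 host 192.0.2.10 eq 443

: Everything not matched above is dropped by the implicit deny at the end of the ACL.
access-group outside_in in interface outside

: Assumption: no address translation between the sites, so exempt the
: site-to-site flows from NAT on the inside interface.
access-list no_nat permit ip 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0
access-list no_nat permit ip 192.0.2.0 255.255.255.0 203.0.113.0 255.255.255.0
nat (inside) 0 access-list no_nat
```

PIX 6.x access lists take subnet masks, not the wildcard masks used in IOS router ACLs.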