I have 3 PIX 501 firewalls running PPOE ADSL connections.
Head Office
2 * Remote locationsWe need to extend the configuration to include some VPN features:
Office PAT (I think this is the term) - external inbound connections (eg port
80 443 5060 etc) - WORKING Software VPNClient will connect to this point (users travelling need to access the office network) - WORKING Hardware VPN Host (Server) Radius SERVER authentication for software VPN clients - WORKING Provides primary internet connection for this locationRemote1 PAT (I think this is the term) - external inbound connections (eg port
80 443 5060 etc) - WORKING Software VPNClient will connect to this point (users travelling need to access the office network) Hardware VPN will connect to Office - needs to be in NEM mode - both sides should be able to see resources on both sides Provides primary internet connection for this location - this means we need split tunnel for the VPN connection???Remote2 Software VPNClient will connect to this point (I believe that users in remote1 location would need to do this to access resources in this location?) Hardware VPN will connect to Office - needs to be in NEM mode - both sides should be able to see resources on both sides No external internet access required here
Is this possible? I have read a range of materials much of which is confusing for the inexperienced. Some of the items concerning me are
PAT cant be done whilst the Hardware vpn is configured? Software and Hardware VPN hosts (servers) cant coexist on same device Remote1 cant route to Remote2 (in out not allowed rule on one interface???)
Where do I go to start to get a working config for this?
How does the addressing work on the internal networks?
At the moment I have PPOE connection going ok and the inbound PAT stuff working with software VPN authenticating against a separate RADIUS server. We have successfully connected (I think) from Remote1 to Office with hardware vpn but Office then lost all internet access.
Thanks
Stewart