1. Home
  2. Cisco Systems
  3. PIX 501 behind kyocera kr1 router

PIX 501 behind kyocera kr1 router

Hi all!

i want to configure something like this but have no idea how to do this :

i have a kyocera kr1 router on a remote office (basically like a normal internet router but connecting to the internet with a 1xevdo wireless connection) wich is connected to the internet (dynamic IP) and i would like to use a pix501 router to create a VPN connection to my central office (PIX515).

somebody have an idea on how to do this ???

i know how to set up a vpn connection with my pix when the PIX501 is directly connected to the internet, but is it possible to pass through the other router to achieve tha same goal ?

any help would be greatly appreciated!

Reply to
balsamo
Loading thread data ...

Yes. Please see

formatting link

Reply to
Walter Roberson

thanks for the information walter.

but what i need to do is the reverse thing : the router doing the vpn will be the pix et the other one will be on the internet. do i have to foward vpn requests on the kyocera to the pix ? and what kind of ip addresses do i have to put in place for the 2 routers to communicate et pass then on the local lan ? i've never made something like that before...

the order is : head office => internet => kyocera => pix => lan

thanks for your help.

Reply to
balsamo

I don't know anything about the kyocera, but the answer is very likely YES -- and the article I pointed to earlier tells you -what- needs to be forwarded in order to support particular protocols.

You will probably find it much easier to turn on NAT-T and then like everything get encapsulated into UDP.

If you turn on NAT-T on the PIX 501 then you can use private IP addresses between the kyocera and the PIX, provided that the kyocera handles NAT. If the kyocera does not do NAT then you will need to have two subnet ranges, one for the outside of the kyocera and one for the inside of the kyocera plus the outside of the PIX.

Reply to
Walter Roberson

thanks a lot! i'll try this !

Reply to
balsamo

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.