PIX 501 - question

I have an office and a remote site. On both sides I have a Cisco PIX 501.

I want to create a site-to-site VPN (PIX to PIX) and VPN access to the office.

Is this possible? Can I set up a VPN server (for users to be able to work remotely) and at the same time have a site-to-site VPN?

Is this possible or not?

If yes, I will try to do this.

If not - it has to be done.

Robert

Reply to
Robert

In article , Robert wrote:
:I have office and remote site
:both sides i have cisco pix 501

:I want to create VPN site to site (pix to pix)
:and VPN access to office

:Is this possible?

Yes.

:can i set a Server VPN (for users to be able to work remotely) and at the
:same time have vpn site to site

Yes.

However, with the PIX 501, without adding additional hardware, your VPN client users will not be able to access the remote site by connecting to the office site. The PIX 501 will not relay incoming traffic (from the VPN clients) to tunnels.

Reply to
Walter Roberson

OK, it is not a problem. I want to connect VPN site to site - I want to have access to servers, and people want to connect to the office - I do not want to connect from 1 VPN to another (even they should not).

Thank you - I will try to find a solution how to do it; in any case I will post here.

Reply to
robert.szczepanek

BTW - thank you again, Walter, you are the best.

Reply to
robert.szczepanek

    192.168.1.x/24 ---- 192.168.1.1 -| PIX-1 |- 100.100.100.11 --- internet --- 200.200.200.200 -| PIX-2 |- 150.150.150.113 --- 150.150.150.112/29

PIX-2 Config

    PIX Version 6.3(4)
    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    access-list outside_access_in permit icmp any any log
    access-list outside_access_in permit tcp any host 150.150.150.114 object-group tcp_114
    icmp permit any outside
    icmp permit any echo-reply outside
    icmp permit any router-solicitation outside
    icmp permit any inside
    ip address outside 200.200.200.200 255.255.254.0
    ip address inside 150.150.150.113 255.255.255.248
    pdm location 150.150.150.114 255.255.255.255 inside
    global (outside) 100 interface
    nat (inside) 0 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 150.150.150.114 150.150.150.114 netmask 255.255.255.255 0 0
    route outside 0.0.0.0 0.0.0.0 200.200.200.1 1
    aaa authentication ssh console LOCAL
    http server enable
    vpdn enable outside

PIX-1 Config

    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    access-list outside_access_in permit icmp any any log
    icmp permit any outside
    icmp permit any echo-reply outside
    icmp permit any router-solicitation outside
    icmp permit any inside
    ip address outside 100.100.100.11 255.255.255.248
    ip address inside 192.168.1.1 255.255.255.0
    global (outside) 10 interface
    nat (inside) 10 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 100.100.100.13 192.168.1.28 netmask 255.255.255.255 0 0
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 83.146.41.9 1
    aaa authentication ssh console LOCAL
    http server enable
    ssh 0.0.0.0 0.0.0.0 outside
    vpdn enable outside
    dhcpd address 192.168.1.30-192.168.1.120 inside

If I want to do VPN site to site, then I found something like this:

PIX-1 - should be

    access-list 101 permit ip 192.168.1.0 255.255.255.0 150.150.150.112 255.255.255.248
    nat (inside) 0 access-list 101
    sysopt connection permit-ipsec
    no sysopt route dnat
    : esp-des provides 56-bit encryption.
    crypto ipsec transform-set chevelle esp-des esp-md5-hmac
    crypto map transam 1 ipsec-isakmp
    crypto map transam 1 match address 101
    crypto map transam 1 set peer 200.200.200.200
    crypto map transam 1 set transform-set chevelle
    crypto map transam interface outside
    isakmp enable outside
    isakmp key ********** address 200.200.200.200 netmask 255.255.255.255
    isakmp identity address
    isakmp policy 1 authentication pre-share
    isakmp policy 1 encryption des
    isakmp policy 1 hash md5
    isakmp policy 1 group 1
    isakmp policy 1 lifetime 1000

PIX-2 - should be

    access-list 101 permit ip 150.150.150.112 255.255.255.248 192.168.1.0 255.255.255.0
    nat (inside) 0 access-list 101
    sysopt connection permit-ipsec
    no sysopt route dnat
    : esp-des provides 56-bit encryption.
    crypto ipsec transform-set chevelle esp-des esp-md5-hmac
    crypto map transam 1 ipsec-isakmp
    crypto map transam 1 match address 101
    crypto map transam 1 set peer 100.100.100.11
    crypto map transam 1 set transform-set chevelle
    crypto map transam interface outside
    isakmp enable outside
    isakmp key ********** address 100.100.100.11 netmask 255.255.255.255
    isakmp identity address
    isakmp policy 1 authentication pre-share
    isakmp policy 1 encryption des
    isakmp policy 1 hash md5
    isakmp policy 1 group 1
    isakmp policy 1 lifetime 1000

Is this correct?

Robert

Reply to
robert.szczepanek
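
Added example, not part of the original posts: a Python check that the two proposed VPN configurations agree with each other (each peer address points at the other side's outside IP, the crypto ACLs are mirror images, the ISAKMP policy and transform set match) and that reports the DES, MD5 and group 1 settings as weak. The function names are hypothetical, and the sample text is constructed from the thread's values and trimmed to the lines being compared.

```python
import re

# Constructed sample: the thread's proposed VPN commands, one per line.
TEMPLATE = """\
ip address outside {me} {mask}
access-list 101 permit ip {local} {remote}
crypto ipsec transform-set chevelle esp-des esp-md5-hmac
crypto map transam 1 match address 101
crypto map transam 1 set peer {peer}
isakmp key ********** address {peer} netmask 255.255.255.255
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
"""
LAN1, LAN2 = "192.168.1.0 255.255.255.0", "150.150.150.112 255.255.255.248"
PIX1 = TEMPLATE.format(me="100.100.100.11", mask="255.255.255.248", local=LAN1, remote=LAN2, peer="200.200.200.200")
PIX2 = TEMPLATE.format(me="200.200.200.200", mask="255.255.254.0", local=LAN2, remote=LAN1, peer="100.100.100.11")

def parse(cfg):
    """Extract the fields that must agree between the two peers (hypothetical helper)."""
    def one(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.group(1) if m else None
    acl_id = re.escape(one(r"^crypto map \S+ \d+ match address (\S+)") or "")
    acl = re.search(rf"^access-list {acl_id} permit ip (\S+ \S+) (\S+ \S+)$", cfg, re.M)
    return {
        "outside": one(r"^ip address outside (\S+)"),
        "peer": one(r"^crypto map \S+ \d+ set peer (\S+)"),
        "key_peer": one(r"^isakmp key \S+ address (\S+)"),
        "acl": acl.groups() if acl else None,  # (local net+mask, remote net+mask)
        "ike": tuple(one(rf"^isakmp policy \d+ {k} (\S+)") for k in ("encryption", "hash", "group")),
        "esp": one(r"^crypto ipsec transform-set \S+ (.+)$"),
    }

def audit(cfg_a, cfg_b):
    """Return findings for a PIX pair; an empty list means consistent and not weak."""
    a, b, out = parse(cfg_a), parse(cfg_b), []
    for x, y, name in ((a, b, "A"), (b, a, "B")):
        if x["peer"] != y["outside"] or x["key_peer"] != y["outside"]:
            out.append(f"{name}: peer or key address is not the other side's outside IP")
    if not a["acl"] or not b["acl"] or a["acl"] != b["acl"][::-1]:
        out.append("crypto ACLs are not mirror images")
    if a["ike"] != b["ike"] or a["esp"] != b["esp"]:
        out.append("ISAKMP policy or transform set differs between peers")
    weak = {"des": "DES (56-bit)", "md5": "MD5", "1": "DH group 1 (768-bit)"}
    out += [f"weak ISAKMP setting: {weak[v]}" for v in a["ike"] if v in weak]
    if "esp-des" in (a["esp"] or "").split():
        out.append("weak ESP cipher: DES (56-bit)")
    return out
```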

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.