pix 501 to pix 506 easy vpn

Hi.

We've got a cisco pix 506 firewall at our main office and a pix 501 at another branch office. I want to connect these two to each other using the 506 as an easy vpn server, so that it seems like the clients at the branch office are in the same network as the main office. It probably isn't that hard, but since I'm kinda new to this I would like some guidance.

The IP numbers are modified, but the firewalls are set up kinda like this:

Main office: Cisco pix 506 with static external IP: 209.165.201.8 Inside IP: 10.10.10.7

Branch office: Cisco pix 501 with static external IP: 209.165.200.229 Inside IP: 10.10.20.1

Thanks in advance.

fredrikmagnil

How important is it that they appear to be on the same network? It is much easier to set up if they appear to be on different networks.

Since the PIX 501 and PIX 506 are only Layer 3 firewalls at present, you aren't going to get ARP or NETBIOS broadcasts through the VPN, so they aren't really going to appear to be on the same network anyhow.

If you need Layer 2 Transparent VPN then you need PIX 515/515E, 525, 535, or a Cisco ASA; alternately, some of the newer Cisco IOS versions support it (and on IOS versions that don't, there's always gre encapsulation.)
Walter Roberson

Have you got a server at the main office? If so, set up an ipsec tunnel between the offices and log people onto your domain. You don't need the easy vpn server and the pix units will do fine.

Rob
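
The site-to-site IPsec tunnel suggested above, as an added example configuration that is not part of the original thread. It assumes PIX OS 6.x syntax, /24 inside networks (10.10.10.0 and 10.10.20.0), an activated 3DES license, and hypothetical names (`vpn-branch`, `vpn-main`, `office-map`, `office-set`); `<PRE-SHARED-KEY>` is a placeholder.

```cisco
: ===== Main office PIX 506 (outside 209.165.201.8) =====
: Traffic between the two inside networks (assumed /24) is what gets encrypted
access-list vpn-branch permit ip 10.10.10.0 255.255.255.0 10.10.20.0 255.255.255.0
: Do not NAT traffic that is headed into the tunnel
nat (inside) 0 access-list vpn-branch
: Decrypted tunnel traffic bypasses the outside interface ACL
sysopt connection permit-ipsec
crypto ipsec transform-set office-set esp-3des esp-sha-hmac
crypto map office-map 10 ipsec-isakmp
crypto map office-map 10 match address vpn-branch
crypto map office-map 10 set peer 209.165.200.229
crypto map office-map 10 set transform-set office-set
crypto map office-map interface outside
isakmp enable outside
: Key is bound to the single peer address, not to a wildcard
isakmp key <PRE-SHARED-KEY> address 209.165.200.229 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: ===== Branch office PIX 501 (outside 209.165.200.229) =====
: Mirror image: source and destination networks swapped, peer is the main office
access-list vpn-main permit ip 10.10.20.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list vpn-main
sysopt connection permit-ipsec
crypto ipsec transform-set office-set esp-3des esp-sha-hmac
crypto map office-map 10 ipsec-isakmp
crypto map office-map 10 match address vpn-main
crypto map office-map 10 set peer 209.165.201.8
crypto map office-map 10 set transform-set office-set
crypto map office-map interface outside
isakmp enable outside
isakmp key <PRE-SHARED-KEY> address 209.165.201.8 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

Because `sysopt connection permit-ipsec` lets tunnel traffic skip the interface ACLs, the crypto access lists are what limit which hosts each office can reach; the two lists must be exact mirrors of each other or the IPsec security associations will not come up.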

Well, I guess it isn't very important that they appear to be on the same network. Just as long as the users at the branch office can access files on the server at the main office, and vice versa.

Yes Rob, we've got servers at both locations, both are in the same domain. So all users will log on to the same domain. What I want to achieve here is being able to control all servers from one location, including shared folders, users etc. I want to be able to see all the users when I look in active directory on the main office server, including the ones that are sitting at the branch office. I guess I would have to replicate the users database from the branch office server to do this? Will this ipsec tunnel allow me to do all this?

fredrikmagnil