HI, I'v got a couple of PIX 515 in failover which are used to make vpn connections with some of our clients and all works fine. What we are challenged to make is relaying a vpn from the inside because we have several inside sites and from one of them there will be a vlan dedicated to computers belonging to our new client. Routing them from this site to the pix would imply putting all the routes to my client's networks. First inconvenience, they use internally publice addresses which they don't own.2nd constraint, the internal network assigned to the client must be sealed to and from all our networks. I thought including this network in an internal vpn with a little pix 501 on this site up to the pix connected to the Internet. Trying to make a layout :
MY SITE A MY SITE B INTERNET CLIENT
CLIENT----PIX 501----RTRA------RTRB----PIX515-----VPN --------HIS NETWORKS
Does somebody knows if it is possible to make a vpn directly to pix 515 on its inside interface and then rebuild another tunnel to the client networks ?
I thought of another solution with another pix 501 in front of the pix515 having a vpn between the 2 501 and then rebuilding another tunnel with the 515. MY SITE A MY SITE B INTERNET CLIENT
CLIENT----PIX 501----RTRA------RTRB--501--PIX515-----VPN --------HIS NETWORKS
Could this work ? Does anybody have already setup such a configuration ?
Thanks in advance Daniel