PIX VPN client-to-client routing: clever ways?

I've got a PIX-501 (running 6.3(5)) on a small server network, with no other inside router. I use the Cisco VPN client to connect our office computers to this network. I also use the VPN client from home/Starbucks/etc to get access to the servers. Our office computers have no fixed address and are behind a firewall (which I don't control), and it occurred to me that I might be able to use the VPN to allow home access to the office computers.

By itself, the PIX can't do this, since you can't route in and out the same interface until 7.0, which the 501 can't run.

Can someone think of a clever way to use one of the internal Linux boxes as a router or proxy to enable client-to-client access? Performance isn't a big issue; this is just so administrators can remotely access our office machines in an emergency. I saw an old post from Walter recommending a different solution, but that involved an external router, and (presumably) a PIX with more than the two interfaces of the 501. We don't have the budget for another router, and if I did, I'd probably just upgrade to the 515 anyway.

Jay Levitt


Sure, there's lots of different ways to do that. Just have the Linux boxes NAT the packet source into the local internal IP address range and the PIX will take care of the rest.

There's an approach that would use a second PIX 501, or any other IPSec security gateway such as the Linksys BEFVP41.

Walter Roberson
