Remote access routing ?

- K
- kjo
  
  Contact options for registered users
posted
18 years ago

Thu, Jun 30, 2005 9:34 PM

I have a problem, please assist me !

B --- C \\ / \\ / A

- K
- kjo
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Thu, Jun 30, 2005 10:04 PM

I have this little twist to add.. maybe it could help B-----C \\ / \\ / A

- E
- Erik Tamminga
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Sat, Jul 2, 2005 12:39 PM

Hi,

Pix 6.3 has the limitation of not being able to send packets out the interface they came in on. So the answer is no, Pix 6.3 cannot do what you'd want.

There is a solution though. Upgrade you're Site-A Pix to version 7.0, wich does includes support for this. You didn't specify if your pix is a 515 or 515E. I'm not sure if PIX7.0 is available for PIX515, I know it is for PIX515E.

Success,

Erik

- K
- kjo
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Sat, Jul 2, 2005 2:47 PM

Thanks Erik

The PIX is a 515E.

What i thought about was NATting the Remoteaccess users, but i see your point.. Have you got any clue about what an update to version 7.0 costs

Regards

Kenneth

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Sat, Jul 2, 2005 3:21 PM

In article , snipped-for-privacy@kjohansen.dk wrote: :The PIX is a 515E.

:What i thought about was NATting the Remoteaccess users, but i see your :point..

You indicate that you have PIX 6.3(4) and that you have a 515.

The 515 supports 3 physical interfaces, even with the restricted version, so if you have additional public IP space or can subnet the public IP space, there are approaches you can take with adding an interface.

The 515 also supports "logical" interfaces, which are 802.1Q VLANs. To use those, you still need the same kind of IP space requirements as for a physical interface, and you also need a WAN router that supports 802.1Q VLANs, but you don't need to purchase a physical interface.

:Have you got any clue about what an update to version 7.0 costs

PIX-SW-UPGRADE= is the part number, and the list price appears to be $US1000, street price around $US700.

Historically, Cisco has usually allowed people to go on SmartNet (and receive upgrades as part of the SmartNet entitlement) if they have been off support for less than 1 year. The appropriate part number would appear to be CON-SNT-PIX515 or possibly CON-SNT-PIX515R . I am having difficulty finding US pricing for either part number; it looks like the price is around $US1200 at most places -- but possibly as low as $US325 . One place claims that you should be able to use CON-SNT-PKG7 -- if so then that's around $US650. I would suggest asking a company that regularily does SmartNet contracts.