VPN between Pix firewall behind SpeedTouch ADSL and another PIX

Hi everyone,

I am new at VPN with Pix. Have a very tricky situation. On one side I have a PIX Firewall 501-6.2(2) with public IP address, and on the other side I have a SpeedTouch with Dynamic IP and behind that SpeedTouch another Pix 501-6.3(5) Firewall. I want to enable users from the SpeedTouch side to access VPN on the Public Pix. The public Pix is already configured to accept PPTP VPN clients. The idea was to configure Site-to-Site VPN or Easy VPN connection from the Remote Pix behind the SpeedTouch to Public Pix. At first I had trouble with the SpeedTouch. It had ESP on port 1 instead of 50. Found tools to disable the Firewall. Made an Easy VPN configuration on the remote Pix, and tried configuring the Public Pix as Easy VPN Server. But I found that when configuring the Public Pix for Easy VPN it doesn't accept PPTP users any more. PPTP users make the connection, but can't access anything on the private net behind the Public Pix, as if they aren't even connected. No ping, or anything. They get a legitimate Private IP from the PIX's DHCP. After removing the IKE and crypto maps I can normally make a VPN PPTP connection again.

The questions are:

  1. Can I configure the 2 Pix firewalls for Easy VPN or Site to Site VPN? The remote Pix is behind a SpeedTouch modem that uses PPPoE connection.

Do I have to change the SpeedTouch into bridge mode for this to work?

  2. Can I make a PPTP VPN connection from behind the SpeedTouch as a client? This is as plan B if I can't configure Easy VPN or Site-to-Site between the PIX Firewalls.

I tried both scenarios, but couldn't make them work.

Thank you in advance

DarkoN