Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: PIX to Router IPSec

From: "Shirley, David" <David.Shirley () team telstra com>
Date: Wed, 9 Jun 2004 13:45:52 +1000
Hi Tony,

Not sure if anyone has helped you with this but my advise is as follows:

Forget about the router with the 2 public IP's - just so long as it will
permit IPSEC traffic through it to the PIX it will be fine.

Basically you are setting up a VPN tunnel from PIX to PIX - if you need
help with conf's check out cisco.com there are many PIX -> * VPN example
configs.

You can go PIX->router but you need to work out what is *best* for you -
ie who will be using the VPN? Clients behind the PIX or clients behind
the router? If it's clients behind the PIX I would terminate the VPN at
the PIX rather than the router!

Cheers
Dave

----------------------------------------------------------------
David Shirley
Telstra InterNetworking Solutions
INS Firewall Team
Phone: (03) 86615977
Mobile: 0417020119
Email: David.Shirley () team telstra com
----------------------------------------------------------------


-----Original Message-----
From: ghideon () ghideon com [mailto:ghideon () ghideon com]
Sent: Tuesday, 8 June 2004 9:18 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] PIX to Router IPSec

Need some advice on the following:

I'm going to establish a PIX to Router IPSec tunnel between two

locations.

 The PIX has a public IP and a private IP, and the router has two

public

IPs.

I'm having trouble wrapping my mind around this.  Since the router has
public IPs, I will need to pass the traffic to another PIX that sits
behind the router, since that second PIX has a public IP and a private

IP.

 Is this making any sense?  Or is what I'm trying to do not possible?

If

worse comes to worse, I can just go from PIX to PIX.

Thanks
Tony
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: