Firewall Wizards mailing list archives

Re: PIX to PIX IPSec Tunnel Through a PIX


From: Brian Ford <brford () cisco com>
Date: Thu, 04 Mar 2004 11:17:14 -0500

Al,

Have you looked at the Cisco web site (CCO)? We have all sorts of examples of how to configure IPSec VPN connectivity to and from the PIX on CCO.

Might I point out that based on how I read your message I don't think you can do what you want to do. In my opinion your message contains the absolute minimum of actual useful information to qualify as a post. You should (look at CCO and then maybe) re-post your original message and give us a clue as to how this is all addressed.

Try something like:

?IP [506] ?IP -- ?IP [501] ?IP -- ?IP [515] ?IP

BTW: Did I get this connectivity right? I wasn't sure. Are you trying to run an IPSec VPN tunnel through an IPSec VPN tunnel or just through a Firewall?

Please point out if the IP addresses are being supplied by the PIX, by an ISP, or if they are Internet addresses.

Liberty for All,

Brian


At 08:44 AM 3/4/2004 -0500, firewall-wizards-request () honor icsalabs com wrote:
From: "Al Cooper" <alc () 2wh com>
To: <firewall-wizards () honor icsalabs com>
Date: Tue, 2 Mar 2004 10:41:01 -0700
Subject: [fw-wiz] PIX to PIX IPSec Tunnel Through a PIX

I am attempting to establish an IPSec tunnel where 3 PIXes are involved.  I
have a PIX 506E on one end of the tunnel.  On the other end is a PIX 515E
running PAT, that needs to pass through the IPSec tunnel to an internal 501
where the tunnel will be terminated (through the Border firewall and
terminated on the Departmental firewall).

I am finding very little information on the proper way to set up this
network configuration.  I have read that I may need to use NAT instead of
PAT, and use the NAT-T function on the 515E.  But other than that I am lost.
Can you Firewall experts lead me in the right direction?

Thanks in advance for your help,

Al Cooper


Brian Ford
Consulting Engineer, Security & Integrity Specialist
Office of Strategic Technology Planning
Cisco Systems Inc.
http://www.cisco.com/go/safe/

The opinions expressed in this message are those of the author and not necessarily those of Cisco Systems, Inc.

This email address is transmitted from San Jose, California, U.S.A.

