Firewall Wizards mailing list archives

RE: Pass-through VPN


From: "Roberts, Shawn" <Shawn.Roberts () ualberta ca>
Date: Thu, 30 Sep 2004 13:19:00 -0600

This is a site to site VPN with one termination box inside our firewall and
the other on the outside of the firewall (where the traffic comes from).
Both of these boxes are out of our hands and we just have to ensure when the
firewall goes in the traffic still keeps going through.  The VPN does not
terminate on the PIX at all, just need the traffic to go untouched through
it.  

I was planning on:


access-list 131 permit udp x.x.x.x host X.X.X.X eq isakmp
access-list 131 permit esp x.x.x.x host X.X.X.X
access-list 131 permit ahp x.x.x.x host X.X.X.X

Just hoping this is correct.  Thanks again


-----Original Message-----
From: Melson, Paul [mailto:PMelson () sequoianet com] 
Sent: Thursday, September 30, 2004 11:52 AM
To: Roberts, Shawn; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Pass-through VPN

-----Original Message-----
I have a quick question about what I need to do on a PIX 515 
to get VPN traffic to pass through it. I have done the rest 
of the setup on this box but I want to make sure that this 
part is running correctly when I install it. Any help would 
be very much appreciated.

<PASTE> That all depends. </PASTE>  

Is this a site-to-site or client tunnel?  Is the traffic originating
inside or outside the firewall?  Is it PPTP, L2TP, or IPSec/ISAKMP (or
SKIP, if you're a BorderManager user)?  Is the PIX a termination point
for other VPN connections?  All of these affect how you need to
configure the PIX.

PaulM