Firewall Wizards mailing list archives

SV: VPN Design - is it possible

From: "Skough Axel U/IT-S" <axel.skough () scb se>
Date: Thu, 22 Dec 2005 12:35:19 +0100

Hi Julian,
 
I am not well experienced with the PIX, but, anyhow, there should not be any problems when using the Microsoft VPN 
server/client combination..... You can establish multiple connections between even between the same VPN client/server - 
no real restriction would apply. To control which VPN gate is recently used may be defined using ROUTE command from 
command prompt for a certain set of IP addresses. 
 
If PIX allows for the same flexible usage I dunno as I said.... One have to read documentation and try, but logically 
no restrictions should apply as the VPN IP connection is a virtual logical data transmission channel on layer 2 and 
thus doesn't require any additional hardware.
 
Best regards, 
 
Axel 

________________________________

Från: firewall-wizards-admin () honor icsalabs com genom Julian M D
Skickat: on 2005-12-21 16:17
Till: firewall-wizards () honor icsalabs com
Ämne: [fw-wiz] VPN Design - is it possible



Hi,

I have been given the task to accomplish some kind of failover using
PIX firewall and 2 ISP's connections as follows:

Site A - 2 PIX 506E , 2ISP - 1LAN
Site B, C, D, E, PIX 501 , 1ISP
Site F - PIX 515, 1DMZ, 1ISP

                    ------VPN -------SITE B PIX----------VPN SITE F PIX
SITE A PIX 1 -------VPN--------SITE C PIX----------VPN SITE F PIX
     (ISP1)     -------VPN--------SITE D PIX----------VPN SITE F PIX
                   -------VPN--------SITE E PIX----------VPN SITE F PIX

                   ------VPN -------SITE B PIX ----------VPN SITE F PIX
SITE A PIX 2-------VPN--------SITE C PIX----------VPN SITE F PIX
     (ISP2)     -------VPN--------SITE D PIX----------VPN SITE F PIX
                   -------VPN--------SITE E PIX----------VPN SITE F PIX

My question is : is it possible to have 2 separate VPN connection to
the same SITE ( looking from B,C,D,E point of view - they would see
the LAN behind SITE A using 2 separate IPSec tunnels)? Has anyone done
or seen anything similar? Do you have a better plan using the given,
options??

Best regards to all, and Happy "Secure" Holidays Everyone!

Julian
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

VPN Design - is it possible Julian M D (Dec 22)
- RE: VPN Design - is it possible Paul Melson (Dec 22)
- RE: VPN Design - is it possible Sanford Reed (Dec 28)
- <Possible follow-ups>
- SV: VPN Design - is it possible Skough Axel U/IT-S (Dec 22)