Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco 2620 w/ 515e PIX unit

Status
Not open for further replies.
sicron

sicron

Technical User
Feb 8, 2003
15
US

The 2620 is running 12.x of the IOS (sorry, can't telnet into it, don't recall the release), the PIX is running 6.x (PDM is too slow at 56k for me to post in this preliminary question).

I need help in a bad way.
In trying to keeps things simple (remember KISS?), I've been allocated 1 public IP address for one leg of a WAN (each leg setup the same, except other legs have smaller PIXes), so I've had to PAT with the PIX for the private network.
I've also had to statically NAT f0/0 in the 2600 to the public address of ser0/0, otherwise only one user at a time gets out.
Outbound internet access is fine, which I've been trying to achieve is an ipsec tunnel with another leg.
Sounded easy looking at the documentation and the other information I've run across........
Anywhoot, I can't get the outside ports on the PIXes to initiate a tunnel.
Is my ideology flawed or my implementation?
In theory, I can't see any reason why this shouldn't work (although I'm having a hard time understanding how the other outside interface is going to receive a datagram from it's peer because the source address has been altered).
H E L P ? ! ? ! ?
 
Sort by date Sort by votes

The more I've thought about it, if I'm right, then the only way the aforementioned setup can work is if the 2600s did the tunneling instead of the PIXes, correct?
 
Upvote 0 Downvote
I am a little confused here.. Well, lets see. you have a pix box and a 2600 router and you want to do IPSEC between them. If that is the case, the VPN is possible. Now the question is what kind of VPN? Then.. you can have a VPN tunnel between 2600 and PIX. If the situation is as below;

PIX------->INTERNET<------2600

Then you should be able to configure VPN and Internet access at the same time. VPN peering will be between these two boxes and so when a packet comes depending on the ip addressing and routing you can configure it to choose to internet or go to the PIX leg. Can you explain a little more about the situation especially about the ip addressing u have.

Cheers,
Rajesh
 
Upvote 0 Downvote

Sorry, guess that would have helped. Here's the ASCII diagram:

PIX -> 2620 -> {internet} <- 2620 <- PIX

Was wanting to do the 3DES with the PIXes (since the IT contractors got THAT license for both of them), tried using Cisco's example of ipsec & isakmp to no avail.

&quot;The reward of patience is patience&quot;
-St. Augustine
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
221
bdk76
bdk76
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
201
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
202
Jared R
Jared R
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
206
Hayden09
Hayden09
JMarine0811
  • Locked
  • Question
CISCO VG450 Factory reset
Replies
1
Views
263
whykap
whykap

Part and Inventory Search

Sponsor

Back
Top