Cisco PIX 506 Firewall -> VPN -> Instagate Firewall??

[GregValley]

I'm new to setting up VPN's and would like to configure a VPN with a remote office via DSL connection. Both locations have a static IP address and both have firewalls.
Home office has Cisco PIX 506 Firewall and the remote office has an Instagate Firewall. I would like to allow the remote office to log onto my domain at the home office. I've searched the web to find no useful answers. Does anyone have any suggestions?? Thanks in advance.

 

[yizhar]

HI.

I don't know anything about the Instagate Firewall, but the following links describing VPN to other devices can help:

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Hardware:PIX&s=Software_Configuration

http://www.cisco.com/pcgi-bin/Suppo...ementation_and_Configuration#Samples_and_Tips

> I would like to allow the remote office to log onto my domain at the home office ...
It's not always a wise idea (issues like bandwidth, availability, and more).
What exactly do you want the remote office to be able to do?

A good solution for remote offices is a terminal server, which can eliminate many related problems and allow them to do what they need, with easy central management for you.

Once you implement a terminal server at the home office, you can choose between to ways to allow and protect the traffic from the remote office:
1) Use site to site VPN (as you asked).
OR:
2) Simply create a rule in the firewall to allow traffic from remote office to the terminal server at home office.
No need for VPN, access control is done using ip addrsses rules + OS authentication, and encryption can be done at the application layer in such case.

If you need only a single user to access home network from time to time, you can allow them remote control (PCAW, Remote Desktop, VNC, RADMIN, etc...) to a dedicated workstation in home office.


Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar