How to connect 2 offices ? (SE)

[wizbg]

Hi,

How to connect two small corporative networks with PIX Firewall 501 and PIX Firewall 506E over leased line ?

Networks is 10.10.1.0/24 (on PIX 501) and 10.10.2.0/24 (on PIX 506E)


Thanks in advance.

 

[LloydSev]

If it is a leased line, why did you not just buy two routers instead of doing this VPN?

Computer/Network Technician
CCNA

 

[LloydSev]

I guess regardless of why you didn't just use routers, you can set this up with the help of cisco..

http://www.cisco.com/en/US/products...s_configuration_example09186a0080094761.shtml

Computer/Network Technician
CCNA

 

[wizbg]

Thanks you LloydSev, but i don't want to make VPN, because i use leased line and i don't need more security.

My question is can i use PIX Firewall 501 and PIX Firewall 506E in routers mode for connect two small networks ?

 

[LloydSev]

Via just 2 PIX devices? That would be tough is possible as the PIX is not designed to be a router.

Computer/Network Technician
CCNA

 

[sillypacket]

The PIX cannot act as a CSU/DSU. You need something to connect your leased line to...a router on the outside?

 

[themut]

If you have a leased line then you need a router, the PIX only has ethernet ports and leased lines require a CSU/DSU which will give you access on a V.35 interface or other similar interface like V.24, EIA/TIA 232, etc. So there's no option but a router.

 

[wizbg]

I now understand. Thanks you very much to all.
One last question:

How to build VPN Site-to-Site between 2 small networks with PIX Firewall 501 and PIX Firewall 506E ?

I read and try this help:

http://www.cisco.com/en/US/products...s_configuration_example09186a0080094761.shtml

but PIX no connect over VPN. Where is my mistake ?

PIX 501:
interface ethernet0 auto
interface ethernet1 auto
ip address outside 212.39.65.5 255.255.255.0
ip address inside 10.10.1.0 255.255.255.0
hostname PIX501
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
isakmp key 1234 address 212.39.65.211 netmask 255.255.255.255
access-list 101 permit ip 10.10.1.0 255.255.255.0 10.10.2.0 255.255.255.0
crypto ipsec transform-set chevelle esp-des esp-md5-hmac
crypto map transam 1 ipsec-isakmp
crypto map transam 1 match address 101
crypto map transam 1 set peer 212.39.65.211
crypto map transam 1 set transform-set chevelle
crypto map transam interface outside
nat (inside) 0 access-list 101
sysopt connection permit-ipsec

PIX 506E:
interface ethernet0 auto
interface ethernet1 auto
ip address outside 212.39.65.211 255.255.255.0
ip address inside 10.10.2.0 255.255.255.0
hostname PIX501
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
isakmp key 1234 address 212.39.65.5 netmask 255.255.255.255
access-list 101 permit ip 10.10.2.0 255.255.255.0 10.10.1.0 255.255.255.0
crypto ipsec transform-set toyota esp-des esp-md5-hmac
crypto map bmw 1 ipsec-isakmp
crypto map bmw 1 match address 101
crypto map bmw 1 set peer 212.39.65.5
crypto map bmw 1 set transform-set chevelle
crypto map bmw interface outside
nat (inside) 0 access-list 101
sysopt connection permit-ipsec

Thanks again.

 

[LloydSev]

well you said you have no router, correct?

Without a router there would be no way to interface your PIX to the internet or to the other end of your leased line.

Computer/Network Technician
CCNA

 

[wizbg]

yes, I not have router.
My leased line have ethernet (RJ45) ports.