Internet access out from remote systems.

Status
Not open for further replies.

tanker135

MIS
Sep 8, 2003
14
US
Folks,

Presently I have a simple site-to-site VPN using 501s. It works great. My single access list is "access-list 101 permit ip 172.18.128.0 255.255.255.224 172.18.0.0 255.255.192.0". I need to have users at the 172.18.128.0 network (remote network) go out my firewall here at HQ. FW's address is 172.18.1.120. How can I do this with the least trouble? Thank you.
 
You will not be able to achieve this task; the PIX is not able to route packets back on the same interface they arrived on. You need to end the tunnel at a router or VPN 3K instead.
 
Or just close off the remote PIX with ACLs and then put up a proxy server at your site, so that they will surf/FTP from that proxy. If you use an MS IAS you will also get the benefit of the AD integration.

Jan


Network Systems Engineer
CCNA/CQS
 