HI-
WE ARE CURRENTLY USING LINKSYS VPN ROUTERS FOR OUR NETWORK AND A REMOTE OFFICE BOTH RUNNING NAT. WE HAVE HAD NO LUCK GETTING A VPN CONNECTION TO WORK BETWEEN THESE TWO AND HAVE DECIDED THAT WE SHOULD UPDATE OUR FIREWALL HERE AT THE MAIN OFFICE TO A PIX 506E. THE PIX AT THE HOME OFFICE WILL HAVE A STATIC INTERNET IP AND THE REMOTE OFFICE WILL HAVE A DYNAMIC INTERNET IP.
SO....MY FIRST QUESTION IS HAS ANYONE SUCCESSFULLY SET UP A VPN CONNECTION BETWEEN A LINKSYS VPN ROUTER AND A CISCO PIX UNDER THESE CONDITIONS?
MY SECOND QUESTION - DO I REALLY HAVE TO DELVE INTO THE CLI ON THE PIX, OR WILL THE PDM DO THE JOB? WE HAVE VARIOUS INTERNAL IPS THAT WE DENY INTERNET ACCESS TO (VERY EASY TO SET UP ON THE LINKSYS) THAT DO NOT FIT NICELY INTO SUBNETS. FROM WHAT I'VE SEEN, SEEMS LIKE THE ONLY EASY WAY TO DO THIS ON THE PIX IS WITH AN ACL USING WILDCARD MASKS, AND IT WILL NOT BE THAT EASY GIVEN OUR CURRENT CHAOTIC NETWORK ADDRESSING SCHEME. OF COURSE, NO MACHINES IN THE MAIN OFFICE ARE ABLE TO ACCESS INTERNET ANYWAY UNLESS THEY ARE CONFIGURED WITH DNS AND DEFAULT GATEWAY...
MAYBE A FEW MORE SPECIFICS WILL HELP-
MAIN OFFICE PIX 506E RUNNING 6.2 AND PDM 2.0- STATIC WAN IP
NETWORK ADDRESS-131.1.1.0
CURRENT IPS WE DENY INTERNET ACCESS TO:
131.1.1.2 THRU 131.1.1.8
131.1.1.14 THRU 131.1.1.26
131.1.1.171 THRU 131.1.1.219
131.1.1.220 THRU 131.1.1.254
REMOTE OFFICE- LINKSYS BEFVP41 WITH MOST CURRENT FIRMWARE
WITH DYNAMIC WAN IP
NETWORK ADDRESS 131.1.23.0
NO ACCESS FILTERS CURRENTLY IN PLACE
DIDN'T MEAN TO GET SO LONG-WINDED HERE BUT ANY GUIDANCE WOULD BE GREATLY APPRECIATED!
AMAX64
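Added example, not part of the original post: the deny ranges listed above reduced to the smallest set of network/mask pairs that covers exactly those addresses, which is the number of ACL entries the ranges require. The function names are hypothetical, and whether the device's ACL syntax expects the netmask or the wildcard form is an assumption to check against its documentation, so both are printed.

```python
import ipaddress

# Deny ranges exactly as listed in the post (inclusive first and last address).
DENY_RANGES = [
    ("131.1.1.2", "131.1.1.8"),
    ("131.1.1.14", "131.1.1.26"),
    ("131.1.1.171", "131.1.1.219"),
    ("131.1.1.220", "131.1.1.254"),
]

def merge_ranges(ranges):
    """Sort the ranges and join any that overlap or touch (.219 and .220 here)."""
    spans = sorted((int(ipaddress.IPv4Address(a)), int(ipaddress.IPv4Address(b)))
                   for a, b in ranges)
    merged = []
    for first, last in spans:
        if first > last:
            raise ValueError("range start is above range end")
        if merged and first <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], last)
        else:
            merged.append([first, last])
    return [(ipaddress.IPv4Address(f), ipaddress.IPv4Address(l)) for f, l in merged]

def ranges_to_blocks(ranges):
    """Smallest list of CIDR blocks covering exactly the given ranges, no more."""
    blocks = []
    for first, last in merge_ranges(ranges):
        blocks.extend(ipaddress.summarize_address_range(first, last))
    return blocks

def covered(blocks):
    """Every address matched by the blocks, to check against the intended set."""
    return {int(addr) for net in blocks for addr in net}

def rows(blocks):
    """(network, netmask, wildcard mask) strings, one per ACL entry needed."""
    return [(str(n.network_address), str(n.netmask), str(n.hostmask)) for n in blocks]

if __name__ == "__main__":
    for network, netmask, wild in rows(ranges_to_blocks(DENY_RANGES)):
        print(f"{network:<14} netmask {netmask:<16} wildcard {wild}")
```

For the ranges in the post this yields 16 entries; the last two ranges are contiguous and merge into .171 through .254 before being split into blocks.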