Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Vpn client

Status
Not open for further replies.

eTTan

Technical User
Mar 1, 2001
31
SE
Hi all!

I have a small problem that i'm curios if it would work, if i configure my pix 501 to use ipsec or pptp for the vpn client, will two clients be able to connect to each other.
Or is it impossible for the pix to route back traffic on the same interface?

Is there anywway to get this to work?

Thanks!
 
From what I understand your presumption that it could not route traffic between the 2 devices is true.

But I do not see why they could not be routed to each other if there was a router on the LAN side of the PIX. As the PIX would send traffic from the Client A to the LAN destined for Client B, the router would turn around and route it back to the PIX. Which should accept it for Client B and send it to them. Thus completing the circle.

But I could be way off too.

good luck testing that out.

eddievenus
 
Ok, i have an 800 router i will try that..
 
hum, doesn't get i to work.

It's like this, pix's lan ip 172.16.1.254 and the router has 172.16.1.1 and the vpn clients gets 172.16.1.10-20.
Clients can reach the router but the clients cant reach each other.

How would the routing config look like in both the pix and the router to get this to work.

 
Hi All!

Is this possible or not?

Is there any way to get client to client vpn connectivity with a Cisco PIX 501?

Thanks for any answers!!

 
First off can you change the IPs that you are handing out? can you hand out a different block of IPs like 172.16.1.17-172.16.1.30? This will allow this next thing to possibly work.

Put an ip route statement into the router to point all traffic destined for 172.16.1.16 255.255.255.240 towards the PIX. This might do the trick, since the router now is just seeing it as local traffic and not sending it any place, even back to the PIX. This routing statement however should force it back to the PIX. This is the only way to know if this is going to work that I have thought of yet.

gook luck, and let me know what happens.

Eddie Venus
 
eTTan

Do you mind me asking why you would want to connect client to client? It seem like you are tyring to create holes in your security plan.

Jacob
 
Hi!

Eddie: I'll tried it but it didn't work, thank for your reply :(

Jacob: This is a little bit nerdish but what the hell, there is a flightsim, that me and my pals wanted to fly online but it only support lan game... ;)

So that's it, would be fun to make it work...

 
You would need to terminate the VPN tunnel either on a router or VPN concentrator to make it work. The PIX is not able to route packets back on the same interface they arrived.
 
Ok, do you have any sample configs on that, i have tried it but i didn't make it work.

I have a Cisco PIX 501 and a Cisco 801 router.
 
you may be stuck here. you will need a bigger router to do IPsec tunnels to it, and the PIX will not do what you want it to do here. What you can do is terminate MS pptp VPNs to a win2k server if you have one, on the LAN and have it hand out local addresses. But if you do not have a copy of NT4 server win2K server or 2003 server edition lying around you might be out of luck here. Sorry. It was worth a try. Hope you find a way.
 
Ok, i have plenty of copies, i'll try that.. ;)

Thanks!!!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top