Pix-Pix vpn via cisco 828 router

 
 
Ants
11-17-2004

Hi,
want to know if the following might be possible...

(192.168.21.x/24)clientAsite------(192.168.21.1)pix(82.211.144.54)-----(2mb sdsl)-------wwww----------(2mb sdsl)---(82.211.172.23)cisco828(???)-------(???)pix(192.168.0.1)--------clientBsite(192.168.0.x/24)

cisco828 does not support vpn

can i configure VPN from pix to pix?

need to know if i should apply for another public IP range for IPs marked ???? or can i use any private range.
thanks in advance
 
 
 
 
Walter Roberson
11-18-2004

Ants wrote:
:want to know if the following might be possible...

:(192.168.21.x/24)clientAsite------(192.168.21.1)pix(82.211.144.54)-----(2mb sdsl)-------wwww----------(2mb sdsl)---(82.211.172.23)cisco828(???)-------(???)pix(192.168.0.1)--------clientBsite(192.168.0.x/24)

:cisco828 does not support vpn

:can i configure VPN from pix to pix?

Yes.


:need to know if i should apply for another public IP range for IPs marked ??? or can i use any private range.

You can use a private IP on the outside of a PIX as long as either

a) you are doing so entirely within a network that routes that IP; or

b) you NAT the private IP of the PIX into a public IP at the next
convenient hop out. When you do this, the other PIX should set its
peer to be the public IP you nat'd to.

As long as the packets can get from one pix to the other somehow,
you can make it work.

Note: if you want to use AH, you cannot use NAT, unless you use
a relatively recent PIX version and turn on isakmp nat-traversal 20
and make sure UDP port 4500 is open to both PIXes. If
nat-traversal is on, the PIX can detect NAT along the route, and will
encapsulate AH into UDP if need be.
--
Most Windows users will run any old attachment you send them, so if
you want to implicate someone you can just send them a Trojan
-- Adam Langley
 
 
 
 
 
Ants
11-30-2004

thanks for the reply..
i've changed the ips as below...

(192.168.21.x/24)clientAsite------(192.168.21.1)pixA(82.211.144.54)-----(2mb sdsl)-------wwww----------(2mb sdsl)---(82.211.172.23)cisco828(10.10.10.1)-------(10.10.10.2)pixB(192.168.0.1)--------clientBsite(192.168.0.x/24)

however on pixB vpn peer is configured as 82.211.144.54
what Peer do i configure on PixB?
fully routed IP network... no natting configured... is this my problem?
should i configure NAT on 828 rtr at site B for 10.10.10.2?

thanks in advance.



 
 
 