Cisco - Which Interfaces are used for VPN?

01-30-2005, 09:30 PM

Hi,

I'm creating a site to site IPSec tunnel from a PIX to a Cisco 1721. The
PIX uses nat, while the Cisco router does not.

My question is which interfaces should I use? Is the tunnel from outside to
outside interfaces?

Thanks for any help you can provide

01-31-2005, 12:29 AM

In article <XlcLd.18409$>,
<> wrote:
:I'm creating a site to site IPSec tunnel from a PIX to a Cisco 1721. The

IX uses nat, while the Cisco router does not.

:My question is which interfaces should I use? Is the tunnel from outside to

utside interfaces?

Use whatever interfaces are connected to the network through which
the two devices communicate. Usually that's the "outside" interface
on a PIX, but not always.

If the purpose of the tunnel is just to control/configure the PIX
itself, then there is an alternative: you can configure against
a different interface by marking it as a "management interface".

--
Oh, to be a Blobel!

01-31-2005, 09:43 AM

Thanks Walter! That is how I had it configure, but i can't get it to work
so I'm just double checking everything.

On my cisco router it shows that packets are being encapsulated, and it show
packets being decapsulated on the pix. Is this right? Shouldn't both ends
have packets that are both encapsulated and decapsulated?

I create the tunnel fine, but there I can't ping or surf across the tunnel.
It almost seems like the traffic is only going one way. Do you think i'm
way off base here or do you think this may be the problem

Thanks for any help you or anyone can provide.

"Walter Roberson" <> wrote in message
news:ctju5f$afe$...
> In article <XlcLd.18409$>,
> <> wrote:
> :I'm creating a site to site IPSec tunnel from a PIX to a Cisco 1721. The
>

IX uses nat, while the Cisco router does not.
>
> :My question is which interfaces should I use? Is the tunnel from outside
> to
>

utside interfaces?
>
> Use whatever interfaces are connected to the network through which
> the two devices communicate. Usually that's the "outside" interface
> on a PIX, but not always.
>
> If the purpose of the tunnel is just to control/configure the PIX
> itself, then there is an alternative: you can configure against
> a different interface by marking it as a "management interface".
>
> --
> Oh, to be a Blobel!

01-31-2005, 12:29 AM	#2
Walter Roberson Posts: n/a	Re: Which Interfaces are used for VPN? In article <XlcLd.18409$>, <> wrote: :I'm creating a site to site IPSec tunnel from a PIX to a Cisco 1721. The IX uses nat, while the Cisco router does not. :My question is which interfaces should I use? Is the tunnel from outside to utside interfaces? Use whatever interfaces are connected to the network through which the two devices communicate. Usually that's the "outside" interface on a PIX, but not always. If the purpose of the tunnel is just to control/configure the PIX itself, then there is an alternative: you can configure against a different interface by marking it as a "management interface". -- Oh, to be a Blobel!

01-31-2005, 09:43 AM	#3
Posts: n/a	Re: Which Interfaces are used for VPN? Thanks Walter! That is how I had it configure, but i can't get it to work so I'm just double checking everything. On my cisco router it shows that packets are being encapsulated, and it show packets being decapsulated on the pix. Is this right? Shouldn't both ends have packets that are both encapsulated and decapsulated? I create the tunnel fine, but there I can't ping or surf across the tunnel. It almost seems like the traffic is only going one way. Do you think i'm way off base here or do you think this may be the problem Thanks for any help you or anyone can provide. "Walter Roberson" <> wrote in message news:ctju5f$afe$... > In article <XlcLd.18409$>, > <> wrote: > :I'm creating a site to site IPSec tunnel from a PIX to a Cisco 1721. The > IX uses nat, while the Cisco router does not. > > :My question is which interfaces should I use? Is the tunnel from outside > to > utside interfaces? > > Use whatever interfaces are connected to the network through which > the two devices communicate. Usually that's the "outside" interface > on a PIX, but not always. > > If the purpose of the tunnel is just to control/configure the PIX > itself, then there is an alternative: you can configure against > a different interface by marking it as a "management interface". > > -- > Oh, to be a Blobel!

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

01-30-2005, 09:30 PM	#1
	Which Interfaces are used for VPN? Hi, I'm creating a site to site IPSec tunnel from a PIX to a Cisco 1721. The PIX uses nat, while the Cisco router does not. My question is which interfaces should I use? Is the tunnel from outside to outside interfaces? Thanks for any help you can provide