Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > VPN 3000 and PIX placement w/InternetRouter

Reply
Thread Tools

VPN 3000 and PIX placement w/InternetRouter

 
 
william
Guest
Posts: n/a
 
      05-09-2005
I am looking for design options where I will have an internet router
outside then a pix and vpn either next to each other or basically
inline. I have seen that both seem reccomended. What are your opinions
on this? Thanks!

 
Reply With Quote
 
 
 
 
Erik Tamminga
Guest
Posts: n/a
 
      05-09-2005
Hi,

We've configured our pix the following way:

Pix: (eth0) outside, P-t-P to Internet router
(eth1) inside, to internal lan
(eth2) VPNOutside, to VPN Concentrator outside interface
(eth3) VPNInside, to VPN Concentrator inside interface

This way the pix can filter both traffic from the internet to the vpn 3000
as well as traffic from the vpn 3000 to our internal lan.
You need some additional interfaces though (or use logical, vlan,
interfaces).

Erik


"william" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ps.com...
>I am looking for design options where I will have an internet router
> outside then a pix and vpn either next to each other or basically
> inline. I have seen that both seem reccomended. What are your opinions
> on this? Thanks!
>



 
Reply With Quote
 
 
 
 
Richard Graves
Guest
Posts: n/a
 
      05-10-2005
"Erik Tamminga" <(E-Mail Removed)> wrote in message
news:d5ojod$7id$(E-Mail Removed)1.ov.home.nl...
> Hi,
>
> We've configured our pix the following way:
>
> Pix: (eth0) outside, P-t-P to Internet router
> (eth1) inside, to internal lan
> (eth2) VPNOutside, to VPN Concentrator outside interface
> (eth3) VPNInside, to VPN Concentrator inside interface
>
> This way the pix can filter both traffic from the internet to the vpn 3000
> as well as traffic from the vpn 3000 to our internal lan.
> You need some additional interfaces though (or use logical, vlan,
> interfaces).
>
> Erik


We have the PIX and the 3000 connected directly to a switch that connects to
the internet router. That way if traffic gets intense, we don't over-load
the PIX.

-Richard


 
Reply With Quote
 
william
Guest
Posts: n/a
 
      05-12-2005
Thanks guys. This is great information. I think that I would like the
pix to filter out first, prior to the Concentrator getting the traffic
directly from the internet.


Richard Graves wrote:
> "Erik Tamminga" <(E-Mail Removed)> wrote in message
> news:d5ojod$7id$(E-Mail Removed)1.ov.home.nl...
> > Hi,
> >
> > We've configured our pix the following way:
> >
> > Pix: (eth0) outside, P-t-P to Internet router
> > (eth1) inside, to internal lan
> > (eth2) VPNOutside, to VPN Concentrator outside interface
> > (eth3) VPNInside, to VPN Concentrator inside interface
> >
> > This way the pix can filter both traffic from the internet to the

vpn 3000
> > as well as traffic from the vpn 3000 to our internal lan.
> > You need some additional interfaces though (or use logical, vlan,
> > interfaces).
> >
> > Erik

>
> We have the PIX and the 3000 connected directly to a switch that

connects to
> the internet router. That way if traffic gets intense, we don't

over-load
> the PIX.
>
> -Richard


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
VPN PIX-_static PIX ; PIX-dynamic_PIX ; VPN Client Svenn Cisco 3 03-13-2006 09:25 AM
VPN 3000 Concentrator and Microsoft VPN Client Eitan Cisco 0 03-05-2006 09:30 AM
vpn redundancy PIX and 3000 series jbeez Cisco 5 12-09-2005 08:36 PM
PIX to PIX VPN and VPN Client to PIX Config Example? GVB Cisco 1 02-06-2004 07:44 PM
PIX VPN and NAT pb with Cisco 3000 concentrator filip Cisco 2 11-20-2003 08:58 AM



Advertisments