PIX VPN client-to-client routing: clever ways?

 
 
Jay Levitt
01-21-2006
I've got a PIX-501 (running 6.3(5)) on a small server network, with no
other inside router. I use the Cisco VPN client to connect our office
computers to this network. I also use the VPN client from
home/Starbucks/etc to get access to the servers. Our office computers have
no fixed address and are behind a firewall (which I don't control), and it
occurred to me that I might be able to use the VPN to allow home access to
the office computers.

By itself, the PIX can't do this, since you can't route in and out the same
interface until 7.0, which the 501 can't run.

Can someone think of a clever way to use one of the internal Linux boxes as
a router or proxy to enable client-to-client access? Performance isn't a
big issue; this is just so administrators can remotely access our office
machines in an emergency. I saw an old post from Walter recommending a
different solution, but that involved an external router, and (presumably)
a PIX with more than the two interfaces of the 501. We don't have the
budget for another router, and if I did, I'd probably just upgrade to the
515 anyway.

Jay Levitt
 
 
 
 
 
Walter Roberson
01-21-2006
Jay Levitt wrote:
>By itself, the PIX can't do this, since you can't route in and out the same
>interface until 7.0, which the 501 can't run.


>Can someone think of a clever way to use one of the internal Linux boxes as
>a router or proxy to enable client-to-client access?


Sure, there's lots of different ways to do that. Just have the
Linux boxes NAT the packet source into the local internal IP address
range and the PIX will take care of the rest.

>Performance isn't a
>big issue; this is just so administrators can remotely access our office
>machines in an emergency. I saw an old post from Walter recommending a
>different solution, but that involved an external router, and (presumably)
>a PIX with more than the two interfaces of the 501. We don't have the
>budget for another router, and if I did, I'd probably just upgrade to the
>515 anyway.


There's an approach that would use a second PIX 501, or any other
IPSec security gateway such as the Linksys BEFVP41.
 
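Added example, not written by either poster: one way to set up the source-NAT relay Walter Roberson's reply describes, as a POSIX shell function that prints the iptables rules for an inside Linux host. The addresses, the ports, the DNAT port-forward that lets the home client address the relay, and the premise that the office client's VPN-assigned address is known are all assumptions; the thread gives none of them.

```shell
#!/bin/sh
# Added example: print iptables rules that make an inside Linux host relay
# one TCP service from an admin's VPN client to an office VPN client.
# Every address and port below is a constructed placeholder.

# valid_ipv4 ADDR: succeed only for a dotted-quad with octets 0-255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                     # split the address into four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# relay_rules RELAY_IP LISTEN_PORT TARGET_IP TARGET_PORT ADMIN_NET
# RELAY_IP  = the Linux host's inside address (its default route is the PIX)
# TARGET_IP = VPN-assigned address of the office machine (assumed known)
# ADMIN_NET = VPN client pool (CIDR) that is allowed to use the relay
relay_rules() {
    relay_ip=$1 listen_port=$2 target_ip=$3 target_port=$4 admin_net=$5
    valid_ipv4 "$relay_ip"  || { echo "bad relay address" >&2; return 1; }
    valid_ipv4 "$target_ip" || { echo "bad target address" >&2; return 1; }
    valid_ipv4 "${admin_net%/*}" || { echo "bad admin network" >&2; return 1; }
    case ${admin_net#*/} in ''|*[!0-9]*) echo "bad prefix" >&2; return 1 ;; esac
    for p in "$listen_port" "$target_port"; do
        case $p in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
        { [ "$p" -ge 1 ] && [ "$p" -le 65535 ]; } || { echo "bad port" >&2; return 1; }
    done
    # DNAT points the connection at the office client; SNAT rewrites the
    # source to the inside address, so the PIX sees ordinary inside-to-VPN
    # traffic and replies come back to the relay, never client-to-client.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -s $admin_net -d $relay_ip -p tcp --dport $listen_port -j DNAT --to-destination $target_ip:$target_port
iptables -t nat -A POSTROUTING -d $target_ip -p tcp --dport $target_port -j SNAT --to-source $relay_ip
iptables -A FORWARD -s $admin_net -d $target_ip -p tcp --dport $target_port -j ACCEPT
iptables -A FORWARD -s $target_ip -d $admin_net -p tcp --sport $target_port -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Dry run with constructed values; pipe the output to `sh` as root to apply.
relay_rules 192.168.1.10 13389 10.99.0.20 3389 10.99.0.0/24
```

The FORWARD rules limit the relay to the VPN pool and the single forwarded port, so the host does not become a general-purpose router between VPN clients.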
 
 
 