Cisco VPN client through PIX firewall

Discussion in 'Cisco' started by BenLMiron, Apr 14, 2004.

  1. BenLMiron

    BenLMiron Guest

    Hi,
    I have a question about using the VPN client (version 4.0.3A) from
    behind a Cisco PIX fw. I have several machines that need to access
    other site VPNs from within my network. I have set up one machine
    through our PIX using the static(inside,outside) (outside
    interface public ip) (some local ip say 192.168.1.100) config and then
    allowed IP access through an ACL on the outside interface: access-list
    outside permit ip host (public remote site ip) host (outside int.
    public ip). Everything works great with that one machine that I put on
    the local IP 192.168.1.100; however, I have 2 other machines that need
    to be set up using the client to access different sites. Can anyone
    recommend a routing application or a way to set up a router to allow
    multiple machines to use the client through that one public IP
    address? I have tried multiple software routing applications; none
    seem to work consistently. Thanks for any input.
    BenLMiron, Apr 14, 2004
    #1

  2. BenLMiron

    rowl Guest

    (BenLMiron) wrote in message news:<>...
    > Hi,
    > I have a question about using the VPN client (version 4.0.3A) from
    > behind a Cisco PIX fw. I have several machines that need to access
    > other site VPNs from within my network. I have set up one machine
    > through our PIX using the static(inside,outside) (outside
    > interface public ip) (some local ip say 192.168.1.100) config and then
    > allowed IP access through an ACL on the outside interface: access-list
    > outside permit ip host (public remote site ip) host (outside int.
    > public ip). Everything works great with that one machine that I put on
    > the local IP 192.168.1.100; however, I have 2 other machines that need
    > to be set up using the client to access different sites. Can anyone
    > recommend a routing application or a way to set up a router to allow
    > multiple machines to use the client through that one public IP
    > address? I have tried multiple software routing applications; none
    > seem to work consistently. Thanks for any input.


    Set up the remote VPN concentrator to use the NAT-Transparent mode
    feature (IETF Draft). Then install the Cisco VPN client on all machines
    that need VPN access. This way you won't have to reserve a public IP for
    VPN access.

    It works by encapsulating ESP within UDP and sending it to a
    negotiated port. The NAT device between the VPN Client and VPN
    Concentrator will be auto-detected during IKE negotiation.

    Rgrds
    Rahul Sawarkar
    rowl, Apr 15, 2004
    #2
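
The NAT auto-detection step mentioned in the reply above, as an added example that is not part of the original thread: each IKE peer sends NAT-D hashes of the addresses it believes are in use, and the receiver recomputes them from the packet as it arrived. The hash layout follows RFC 3947, the published form of the NAT-T drafts; that the Cisco client in the thread uses this exact revision is an assumption, and the cookies and public addresses are constructed sample values.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port, hash_name="sha1"):
    """NAT-D body per RFC 3947 sec. 3.2: HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("IKE cookies are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed  # 4 bytes for IPv4, 16 for IPv6
    return hashlib.new(hash_name, cky_i + cky_r + addr + struct.pack("!H", port)).digest()

def build_nat_d(cky_i, cky_r, local, remote):
    """Sender: the first NAT-D covers the remote end, the second the local end."""
    return [nat_d_hash(cky_i, cky_r, *remote), nat_d_hash(cky_i, cky_r, *local)]

def detect_nat(cky_i, cky_r, nat_d, seen_src, own_addr):
    """Receiver: recompute both hashes from the addresses it actually sees."""
    remote_hash, local_hash = nat_d
    return {
        # Sender's view of itself differs from the packet's source: sender is NATed.
        "peer_behind_nat": local_hash != nat_d_hash(cky_i, cky_r, *seen_src),
        # Sender's view of us differs from our own address: we are NATed.
        "self_behind_nat": remote_hash != nat_d_hash(cky_i, cky_r, *own_addr),
    }

# Constructed sample values (only the inside host 192.168.1.100 comes from the thread).
CKY_I = bytes.fromhex("1122334455667788")
CKY_R = bytes.fromhex("99aabbccddeeff00")
CLIENT = ("192.168.1.100", 500)       # VPN client on the inside network
PIX_PAT = ("198.51.100.7", 1024)      # hypothetical PAT address/port on the firewall
CONCENTRATOR = ("203.0.113.10", 500)  # hypothetical remote concentrator

def demo():
    """Concentrator's verdict with the firewall translating, and without it."""
    nat_d = build_nat_d(CKY_I, CKY_R, local=CLIENT, remote=CONCENTRATOR)
    through_pat = detect_nat(CKY_I, CKY_R, nat_d, PIX_PAT, CONCENTRATOR)
    direct = detect_nat(CKY_I, CKY_R, nat_d, CLIENT, CONCENTRATOR)
    return through_pat, direct

if __name__ == "__main__":
    print(demo())
```

When `peer_behind_nat` is true, both ends switch ESP to UDP encapsulation, which is what lets several inside clients share one translated public address.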