Pix-Pix vpn via cisco 828 router

Discussion in 'Cisco' started by Ants, Nov 17, 2004.

  1. Ants

    Ants Guest

    Hi,
    want to know if the following might be possible...

    192.168.21.x/24)clientAsite------(192.168.21.1)pix(82.211.144.54)-----(2mb sdsl)-------wwww----------(2mb sdsl)---(82.211.172.23)cisco828(???)-------(???)pix(192.168.0.1)--------clientBsite(192.168.0.x/24)

    cisco282 does not support vpn

    Can I configure VPN from pix to pix?

    Need to know if I should apply for another public IP range for IPs marked
    ???? or can I use any private range.
    Thanks in advance
     
    Ants, Nov 17, 2004
    #1

  2. In article <>,
    Ants <> wrote:
    :want to know if the following might be possible...

    :192.168.21.x/24)clientAsite------(192.168.21.1)pix(82.211.144.54)-----
    :(2mb sdsl)-------wwww----------(2mb sdsl)---
    :(82.211.172.23)cisco828(???)-------(???)pix(192.168.0.1)--------
    :clientBsite(192.168.0.x/24)

    :cisco282 does not support vpn

    :can i configure VPN from pix to pix?

    Yes.


    :need to know if i should apply for another public IP range for IPs marked
    :???? or can i use any private range.

    You can use a private IP on the outside of a PIX as long as either

    a) you are doing so entirely within a network that routes that IP; or

    b) you NAT the private IP of the PIX into a public IP at the next
    convenient hop out. When you do this, the other PIX should set its
    peer to be the public IP you nat'd to.

    As long as the packets can get from one pix to the other somehow,
    you can make it work.

    Note: if you want to use AH, you cannot use NAT, unless you use
    a relatively recent PIX version and turn on isakmp nat-traversal 20
    and make sure UDP port 4500 is open to both PIXes. If
    nat-traversal is on, the PIX can detect NAT along the route, and will
    encapsulate AH into UDP if need be.
    --
    Most Windows users will run any old attachment you send them, so if
    you want to implicate someone you can just send them a Trojan
    -- Adam Langley
     
    Walter Roberson, Nov 18, 2004
    #2

  3. Ants

    Ants Guest

    -----------------------------------------
    thanks for the reply..
    i've changed the ips as below...

    192.168.21.x/24)clientAsite------(192.168.21.1)pixA(82.211.144.54)-----(2mb sdsl)-------wwww----------(2mb sdsl)---(82.211.172.23)cisco828(10.10.10.1)-------(10.10.10.2)pixB(192.168.0.1)--------clientBsite(192.168.0.x/24)

    However, on pixB the VPN peer is configured as 82.211.144.54.
    What peer do I configure on PixB?
    Fully routed IP network... no NAT configured... is this my problem?
    Should I configure NAT on the 828 router at site B for 10.10.10.2?

    thanks in advance.
    ------------------------------



    -cnrc.gc.ca (Walter Roberson) wrote in message news:<cnh91u$4ji$>...
    > In article <>,
    > Ants <> wrote:
    > :want to know if the following might be possible...
    >
    > :192.168.21.x/24)clientAsite------(192.168.21.1)pix(82.211.144.54)-----
    > :(2mb sdsl)-------wwww----------(2mb sdsl)---
    > :(82.211.172.23)cisco828(???)-------(???)pix(192.168.0.1)--------
    > :clientBsite(192.168.0.x/24)
    >
    > :cisco282 does not support vpn
    >
    > :can i configure VPN from pix to pix?
    >
    > Yes.
    >
    >
    > :need to know if i should apply for another public IP range for IPs marked
    > :???? or can i use any private range.
    >
    > You can use a private IP on the outside of a PIX as long as either
    >
    > a) you are doing so entirely within a network that routes that IP; or
    >
    > b) you NAT the private IP of the PIX into a public IP at the next
    > convenient hop out. When you do this, the other PIX should set its
    > peer to be the public IP you nat'd to.
    >
    > As long as the packets can get from one pix to the other somehow,
    > you can make it work.
    >
    > Note: if you want to use AH, you cannot use NAT, unless you use
    > a relatively recent PIX version and turn on isakmp nat-traversal 20
    > and make sure UDP port 4500 is open to both PIXes. If
    > nat-traversal is on, the PIX can detect NAT along the route, and will
    > encapsulate AH into UDP if need be.
     
    Ants, Nov 30, 2004
    #3
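
Option (b) from the reply in #2, applied to the addresses in #3, as an added configuration sketch that is not from either poster. It assumes PIX OS 6.3 syntax on both PIXes and IOS NAT on the 828; the names vpn-a, vpn-b, ESP-AES-SHA and s2s and every <...> value are placeholders.

```cisco
! Added example, not from the thread. <...> values and object names are placeholders.
! --- Cisco 828 at site B (IOS): pass IKE (UDP 500) and NAT-T (UDP 4500) to pixB ---
interface <LAN-INTERFACE>
 ip nat inside
interface <WAN-INTERFACE>
 ip nat outside
ip nat inside source static udp 10.10.10.2 500 interface <WAN-INTERFACE> 500
ip nat inside source static udp 10.10.10.2 4500 interface <WAN-INTERFACE> 4500
!
! --- pixA (outside 82.211.144.54): peer is the public address pixB is NAT'd to ---
access-list vpn-b permit ip 192.168.21.0 255.255.255.0 192.168.0.0 255.255.255.0
nat (inside) 0 access-list vpn-b
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-AES-SHA esp-aes-256 esp-sha-hmac
crypto map s2s 10 ipsec-isakmp
crypto map s2s 10 match address vpn-b
crypto map s2s 10 set peer 82.211.172.23
crypto map s2s 10 set transform-set ESP-AES-SHA
crypto map s2s interface outside
isakmp enable outside
isakmp key <PRE-SHARED-KEY> address 82.211.172.23 netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 5
!
! --- pixB (outside 10.10.10.2, behind the 828): peer is pixA's public address ---
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
access-list vpn-a permit ip 192.168.0.0 255.255.255.0 192.168.21.0 255.255.255.0
nat (inside) 0 access-list vpn-a
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-AES-SHA esp-aes-256 esp-sha-hmac
crypto map s2s 10 ipsec-isakmp
crypto map s2s 10 match address vpn-a
crypto map s2s 10 set peer 82.211.144.54
crypto map s2s 10 set transform-set ESP-AES-SHA
crypto map s2s interface outside
isakmp enable outside
isakmp key <PRE-SHARED-KEY> address 82.211.144.54 netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 5
```

The two crypto ACLs must mirror each other exactly, and the 828 forwards only the two UDP ports the tunnel needs rather than mapping every port of its public address to pixB.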
