PIX VPN client-to-client routing: clever ways?

Discussion in 'Cisco' started by Jay Levitt, Jan 21, 2006.

  1. Jay Levitt

    Jay Levitt Guest

    I've got a PIX-501 (running 6.3(5)) on a small server network, with no
    other inside router. I use the Cisco VPN client to connect our office
    computers to this network. I also use the VPN client from
    home/Starbucks/etc to get access to the servers. Our office computers have
    no fixed address and are behind a firewall (which I don't control), and it
    occurred to me that I might be able to use the VPN to allow home access to
    the office computers.

    By itself, the PIX can't do this, since you can't route in and out the same
    interface until 7.0, which the 501 can't run.

    Can someone think of a clever way to use one of the internal Linux boxes as
    a router or proxy to enable client-to-client access? Performance isn't a
    big issue; this is just so administrators can remotely access our office
    machines in an emergency. I saw an old post from Walter recommending a
    different solution, but that involved an external router, and (presumably)
    a PIX with more than the two interfaces of the 501. We don't have the
    budget for another router, and if I did, I'd probably just upgrade to the
    515 anyway.

    Jay Levitt
    Jay Levitt, Jan 21, 2006
    #1

  2. In article <1062pcut2ogzc$>, Jay Levitt <> wrote:
    >By itself, the PIX can't do this, since you can't route in and out the same
    >interface until 7.0, which the 501 can't run.


    >Can someone think of a clever way to use one of the internal Linux boxes as
    >a router or proxy to enable client-to-client access?


    Sure, there's lots of different ways to do that. Just have the
    Linux boxes NAT the packet source into the local internal IP address
    range and the PIX will take care of the rest.

    >Performance isn't a
    >big issue; this is just so administrators can remotely access our office
    >machines in an emergency. I saw an old post from Walter recommending a
    >different solution, but that involved an external router, and (presumably)
    >a PIX with more than the two interfaces of the 501. We don't have the
    >budget for another router, and if I did, I'd probably just upgrade to the
    >515 anyway.


    There's an approach that would use a second PIX 501, or any other
    IPSec security gateway such as the Linksys BEFVP41.
    Walter Roberson, Jan 21, 2006
    #2
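
The source-NAT relay suggested in the reply above, sketched as an added example that is not from either poster: a VPN client connects to a port on the Linux box's inside address, and the box forwards the connection to a second VPN client with the source rewritten to its own inside address, so the PIX only ever sees inside-to-VPN traffic. The pool range, relay address, ports and the DNAT port-forward step are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print iptables rules for a Linux relay behind the PIX.
# Every address and port here is a constructed placeholder (assumption).
VPN_POOL="10.9.9.0/24"    # assumed address pool the PIX hands to VPN clients
RELAY_IP="192.168.1.10"   # assumed inside address of the Linux relay box

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Succeeds only for a TCP port number in 1-65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# relay_rules <listen_port> <target_ip> <target_port>
# Prints the commands; nothing is applied until they are reviewed and run as root.
relay_rules() {
    valid_port "$1" && valid_ipv4 "$2" && valid_port "$3" || {
        echo "usage: relay_rules <listen_port> <target_ip> <target_port>" >&2
        return 1
    }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -s $VPN_POOL -d $RELAY_IP -p tcp --dport $1 -j DNAT --to-destination $2:$3
iptables -t nat -A POSTROUTING -d $2 -p tcp --dport $3 -j SNAT --to-source $RELAY_IP
iptables -A FORWARD -s $VPN_POOL -d $2 -p tcp --dport $3 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s $2 -p tcp --sport $3 -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Constructed sample: relay port 13389 to one office client's pool address.
relay_rules 13389 10.9.9.21 3389
```

The rules admit only VPN-pool sources to one target address and port, which keeps the relay from forwarding anything else; the FORWARD lines only have that effect if the chain's default policy is DROP.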