VPN 3000 and PIX placement w/InternetRouter

Discussion in 'Cisco' started by william, May 9, 2005.

  1. william

    william Guest

    I am looking for design options where I will have an internet router
    outside then a pix and vpn either next to each other or basically
    inline. I have seen that both seem reccomended. What are your opinions
    on this? Thanks!
     
    william, May 9, 2005
    #1
    1. Advertising

  2. Hi,

    We've configured our pix the following way:

    Pix: (eth0) outside, P-t-P to Internet router
    (eth1) inside, to internal lan
    (eth2) VPNOutside, to VPN Concentrator outside interface
    (eth3) VPNInside, to VPN Concentrator inside interface

    This way the pix can filter both traffic from the internet to the vpn 3000
    as well as traffic from the vpn 3000 to our internal lan.
    You need some additional interfaces though (or use logical, vlan,
    interfaces).

    Erik


    "william" <> wrote in message
    news:...
    >I am looking for design options where I will have an internet router
    > outside then a pix and vpn either next to each other or basically
    > inline. I have seen that both seem reccomended. What are your opinions
    > on this? Thanks!
    >
     
    Erik Tamminga, May 9, 2005
    #2
    1. Advertising

  3. "Erik Tamminga" <> wrote in message
    news:d5ojod$7id$1.ov.home.nl...
    > Hi,
    >
    > We've configured our pix the following way:
    >
    > Pix: (eth0) outside, P-t-P to Internet router
    > (eth1) inside, to internal lan
    > (eth2) VPNOutside, to VPN Concentrator outside interface
    > (eth3) VPNInside, to VPN Concentrator inside interface
    >
    > This way the pix can filter both traffic from the internet to the vpn 3000
    > as well as traffic from the vpn 3000 to our internal lan.
    > You need some additional interfaces though (or use logical, vlan,
    > interfaces).
    >
    > Erik


    We have the PIX and the 3000 connected directly to a switch that connects to
    the internet router. That way if traffic gets intense, we don't over-load
    the PIX.

    -Richard
     
    Richard Graves, May 10, 2005
    #3
  4. william

    william Guest

    Re: VPN 3000 and PIX placement w/InternetRouter

    Thanks guys. This is great information. I think that I would like the
    pix to filter out first, prior to the Concentrator getting the traffic
    directly from the internet.


    Richard Graves wrote:
    > "Erik Tamminga" <> wrote in message
    > news:d5ojod$7id$1.ov.home.nl...
    > > Hi,
    > >
    > > We've configured our pix the following way:
    > >
    > > Pix: (eth0) outside, P-t-P to Internet router
    > > (eth1) inside, to internal lan
    > > (eth2) VPNOutside, to VPN Concentrator outside interface
    > > (eth3) VPNInside, to VPN Concentrator inside interface
    > >
    > > This way the pix can filter both traffic from the internet to the

    vpn 3000
    > > as well as traffic from the vpn 3000 to our internal lan.
    > > You need some additional interfaces though (or use logical, vlan,
    > > interfaces).
    > >
    > > Erik

    >
    > We have the PIX and the 3000 connected directly to a switch that

    connects to
    > the internet router. That way if traffic gets intense, we don't

    over-load
    > the PIX.
    >
    > -Richard
     
    william, May 12, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. filip
    Replies:
    2
    Views:
    2,398
    filip
    Nov 20, 2003
  2. GVB
    Replies:
    1
    Views:
    2,842
    Martin Bilgrav
    Feb 6, 2004
  3. jbeez
    Replies:
    5
    Views:
    1,617
    Walter Roberson
    Dec 9, 2005
  4. Eitan
    Replies:
    0
    Views:
    510
    Eitan
    Mar 5, 2006
  5. Svenn
    Replies:
    3
    Views:
    742
    Svenn
    Mar 13, 2006
Loading...

Share This Page