VPN between Pix firewall behind SpeedTouch ADSL and another PIX

Discussion in 'Cisco' started by DarkoN, Oct 10, 2006.

  1. DarkoN

    DarkoN Guest

    Hi everyone,

    I am new at VPN with Pix. Have a very tricky situation.
    On one side I have a PIX Firewall 501-6.2(2) with public IP address,
    and on the other side I have a SpeedTouch with Dynamic IP and behind
    that speedtouch another Pix 501-6.3(5) Firewall.
    I want to enable users from the SpeedTouch side to access VPN on the
    Public Pix.
    The public pix is already configured to accept PPTP VPN clients.
    The idea was to configure Site-to-Site VPN or Easy VPN connection from
    the Remote Pix behind the SpeedTouch to Public Pix.
    At first I had trouble with the SpeedTouch. It had ESP on port 1
    instead of 50.
    Found tools to disable the Firewall.
    Made an Easy VPN configuration on the remote Pix, and tried configuring
    the Public pix as Easy VPN Server.
    But I found that when configuring the Public pix for easy vpn it
    doesn't accept PPTP users any more.
    PPTP users make the connection, but can't access anything on the
    private net behind the Public Pix, as if they aren't even connected. No
    ping, or anything. They get a legitimate Private IP from the PIX's
    DHCP.
    After removing the IKE and crypto maps I can normally make a VPN PPTP
    connection again.

    The questions are:
    1. Can I configure the 2 Pix firewalls for Easy VPN or Site to Site
    VPN?
    The remote Pix is behind a SpeedTouch modem that uses PPPoE connection.

    Do I have to change the SpeedTouch into bridge mode for this to work?

    2. Can I make a PPTP VPN connection from behind the SpeedTouch as a
    client? This is as plan B if I can't configure Easy VPN or Site-to-Site
    between the PIX Firewalls.

    I tried both scenarios, but couldn't make them work.

    Thank you in advance
     
    DarkoN, Oct 10, 2006