Cisco VPN client through PIX firewall

Discussion in 'Cisco' started by BenLMiron, Apr 14, 2004.

  1. BenLMiron

    BenLMiron Guest

    Hi,
    I have a question about using the VPN client (version 4.0.3A) from
    behind a Cisco PIX fw. I have several machines that need to access
    other sites' VPNs from within my network. I have set up one machine
    through our PIX using the static(inside,outside) (outside
    interface public ip) (some local ip say 192.168.1.100) config and then
    allowed IP access through an ACL on the outside interface: access-list
    outside permit ip host (public remote site ip) host (outside int.
    public ip). Everything works great with that one machine that I put on
    the local IP 192.168.1.100; however, I have 2 other machines that need
    to be set up using the client to access different sites. Can anyone
    recommend a routing application or a way to set up a router to allow
    multiple machines to use the client through that one public IP
    address? I have tried multiple software routing applications; none
    seem to work consistently. Thanks for any input.
     
    BenLMiron, Apr 14, 2004
    #1

  2. rowl

    rowl Guest

    Set up the remote VPN concentrator to use the NAT-Transparent mode
    feature (IETF Draft). Then install the Cisco VPN client on all machines
    that need VPN access. This way you won't have to reserve a public IP
    for VPN access.

    It works by encapsulating ESP within UDP and sending it to a
    negotiated port. The NAT device between the VPN Client and VPN
    Concentrator will be auto-detected during IKE negotiation.

    Rgrds
    Rahul Sawarkar
     
    rowl, Apr 15, 2004
    #2
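
How the NAT auto-detection mentioned in the reply above can work, as an added example that is not part of the original posts: it follows the NAT-D hash comparison defined in RFC 3947, the published form of the IETF NAT-Traversal work, and assumes the Cisco feature detects NAT the same way. The cookies, addresses and function names are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port, hash_name="sha1"):
    """NAT-D payload body per RFC 3947: HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("IKE cookies are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed      # 4 bytes (IPv4) or 16 (IPv6)
    data = cky_i + cky_r + addr + struct.pack("!H", port)
    return hashlib.new(hash_name, data).digest()

def build_nat_d(cky_i, cky_r, src, dst):
    """Sender side: first payload covers the destination, the next its own source."""
    return [nat_d_hash(cky_i, cky_r, *dst), nat_d_hash(cky_i, cky_r, *src)]

def detect_nat(cky_i, cky_r, payloads, seen_src, seen_dst):
    """Receiver side: recompute the hashes from the packet as it actually arrived."""
    dest_hash, *src_hashes = payloads
    return {
        # Sender aimed at an address that is not the one we received on.
        "local_behind_nat": dest_hash != nat_d_hash(cky_i, cky_r, *seen_dst),
        # Source on the wire differs from every source the sender claimed.
        "peer_behind_nat": nat_d_hash(cky_i, cky_r, *seen_src) not in src_hashes,
    }

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("1122334455667788")
CKY_R = bytes.fromhex("99aabbccddeeff00")
CLIENT = ("192.168.1.100", 500)        # inside host behind the PIX
CONCENTRATOR = ("203.0.113.10", 500)   # remote VPN concentrator
PAT_SOURCE = ("198.51.100.7", 1024)    # source after PIX port translation

def through_pat():
    sent = build_nat_d(CKY_I, CKY_R, CLIENT, CONCENTRATOR)
    return detect_nat(CKY_I, CKY_R, sent, PAT_SOURCE, CONCENTRATOR)

def direct():
    sent = build_nat_d(CKY_I, CKY_R, CLIENT, CONCENTRATOR)
    return detect_nat(CKY_I, CKY_R, sent, CLIENT, CONCENTRATOR)

if __name__ == "__main__":
    print("via PAT:", through_pat())   # peer_behind_nat is True
    print("direct: ", direct())        # both False
```

When either flag is set, the peers switch to UDP-encapsulated ESP, which is what lets a port-translating firewall carry several clients behind one public address.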