Incoming VPN and site to site VPN problems

Discussion in 'Cisco' started by Nathan Simpson, Aug 14, 2004.

  1. Hi,

    We have a 506E running 6.3.4

    We only have 1 IP address to play with so we use PAT on the outside
    interface.

    Can we have PPTP and IPSEC enable on the outside interface to allow incoming
    VPN connections and also enable a IPSEC VPN tunnel to another PIX? Which may
    also turn into a 2nd VPN tunnel if another site comes online.

    If so, how.

    Every time I run the "crypto map xxx interface outside" command things seem
    to stop working.

    I have heard about VLANs but I am not quite sure how they fit into our
    situtaion as we only have 1 IP address.

    TIA

    Nathan
     
    Nathan Simpson, Aug 14, 2004
    #1
    1. Advertisements

  2. Nathan Simpson

    PES Guest

    "Nathan Simpson" <> wrote in message
    news:M6oTc.57379$...
    > Hi,
    >
    > We have a 506E running 6.3.4
    >
    > We only have 1 IP address to play with so we use PAT on the outside
    > interface.
    >
    > Can we have PPTP and IPSEC enable on the outside interface to allow
    > incoming
    > VPN connections and also enable a IPSEC VPN tunnel to another PIX? Which
    > may
    > also turn into a 2nd VPN tunnel if another site comes online.
    >
    > If so, how.
    >
    > Every time I run the "crypto map xxx interface outside" command things
    > seem
    > to stop working.
    >
    > I have heard about VLANs but I am not quite sure how they fit into our
    > situtaion as we only have 1 IP address.
    >
    > TIA
    >
    > Nathan


    All should not be a problem. However PPTP and IPSec clients terminating on
    the PIX will not have access to the other tunnels. If everything is
    stopping when you apply the crypto map, your crypto acl is probably not
    right. The only limitation that I can think of right off is that if the
    outside interface is terminating pppoe, pptp is not permitted. I have not
    exhaustively tested the pptp and ipsec together, but I have had a PIX
    configured to accept pptp and ipsec clients with no problems. I did not
    stress test it though.
     
    PES, Aug 14, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.