PIX 501 behind kyocera kr1 router

Discussion in 'Cisco' started by balsamo, Apr 14, 2006.

  1. balsamo

    balsamo Guest

    Hi all!

    i want to configure something like this but have no idea how to do this
    :

    i have a kyocera kr1 router on a remote office (basically like a normal
    internet router but connecting to the internet with a 1xevdo wireless
    connection) wich is connected to the internet (dynamic IP) and i would
    like to use a pix501 router to create a VPN connection to my central
    office (PIX515).

    somebody have an idea on how to do this ???

    i know how to set up a vpn connection with my pix when the PIX501 is
    directly connected to the internet, but is it possible to pass through
    the other router to achieve tha same goal ?

    any help would be greatly appreciated!
     
    balsamo, Apr 14, 2006
    #1
    1. Advertisements

  2. Walter Roberson, Apr 14, 2006
    #2
    1. Advertisements

  3. balsamo

    balsamo Guest

    thanks for the information walter.

    but what i need to do is the reverse thing : the router doing the vpn
    will be the pix et the other one will be on the internet. do i have to
    foward vpn requests on the kyocera to the pix ?
    and what kind of ip addresses do i have to put in place for the 2
    routers to communicate et pass then on the local lan ?
    i've never made something like that before...

    the order is : head office => internet => kyocera => pix => lan

    thanks for your help.
     
    balsamo, Apr 15, 2006
    #3
  4. I don't know anything about the kyocera, but the answer is very
    likely YES -- and the article I pointed to earlier tells you -what-
    needs to be forwarded in order to support particular protocols.

    You will probably find it much easier to turn on NAT-T and then
    like everything get encapsulated into UDP.
    If you turn on NAT-T on the PIX 501 then you can use private
    IP addresses between the kyocera and the PIX, provided that the
    kyocera handles NAT. If the kyocera does not do NAT then you
    will need to have two subnet ranges, one for the outside of the
    kyocera and one for the inside of the kyocera plus the outside of
    the PIX.
     
    Walter Roberson, Apr 15, 2006
    #4
  5. balsamo

    balsamo Guest

    thanks a lot!
    i'll try this !
     
    balsamo, Apr 15, 2006
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.