pix 501 to pix 506 easy vpn

Discussion in 'Cisco' started by fredrikmagnil, May 18, 2006.

  1. Hi.

    We've got a Cisco PIX 506 firewall at our main office and a PIX 501 at
    another branch office. I want to connect these two to each other using
    the 506 as an easy vpn server, so that it seems like the clients at the
    branch office are in the same network as the main office. It probably
    isn't that hard, but since I'm kinda new to this I would like some
    guidance.

    The IP numbers are modified, but the firewalls are set up kinda like
    this:

    Main office:
    Cisco pix 506 with static external IP: 209.165.201.8
    Inside IP: 10.10.10.7

    Branch office:
    Cisco PIX 501 with static external IP: 209.165.200.229
    Inside IP: 10.10.20.1


    Thanks in advance.
     
    fredrikmagnil, May 18, 2006
    #1

  2. How important is it that they appear to be on the same network?
    It is much easier to set up if they appear to be on different networks.

    Since the PIX 501 and PIX 506 are only Layer 3 firewalls at
    present, you aren't going to get ARP or NETBIOS broadcasts through
    the VPN, so they aren't really going to appear to be on the same
    network anyhow.

    If you need Layer 2 Transparent VPN then you need PIX 515/515E,
    525, 535, or a Cisco ASA; alternately, some of the newer Cisco IOS
    versions support it (and on IOS versions that don't, there's always gre
    encapsulation.)
     
    Walter Roberson, May 18, 2006
    #2

  3. Have you got a server at the main office? If so, set up an IPsec tunnel
    between the offices and log people onto your domain. You don't need the Easy
    VPN server and the PIX units will do fine.

     
    Rob, May 19, 2006
    #3
  4. Well, I guess it isn't very important that they appear to be on the
    same network. Just as long as the users at the branch office can access
    files on the server at the main office, and vice versa.

    Yes Rob, we've got servers at both locations, both are in the same
    domain. So all users will log on to the same domain. What I want to
    achieve here is being able to control all servers from one location,
    including shared folders, users etc. I want to be able to see all the
    users when I look in Active Directory on the main office server,
    including the ones that are sitting at the branch office. I guess I
    would have to replicate the users database from the branch office
    server to do this? Will this ipsec tunnel allow me to do all this?
     
    fredrikmagnil, May 22, 2006
    #4
