PIX VPN client-to-client routing: clever ways?

Discussion in 'Cisco' started by Jay Levitt, Jan 21, 2006.

  1. Jay Levitt

    I've got a PIX-501 (running 6.3(5)) on a small server network, with no
    other inside router. I use the Cisco VPN client to connect our office
    computers to this network. I also use the VPN client from
    home/Starbucks/etc to get access to the servers. Our office computers have
    no fixed address and are behind a firewall (which I don't control), and it
    occurred to me that I might be able to use the VPN to allow home access to
    the office computers.

    By itself, the PIX can't do this, since you can't route in and out the same
    interface until 7.0, which the 501 can't run.

    Can someone think of a clever way to use one of the internal Linux boxes as
    a router or proxy to enable client-to-client access? Performance isn't a
    big issue; this is just so administrators can remotely access our office
    machines in an emergency. I saw an old post from Walter recommending a
    different solution, but that involved an external router, and (presumably)
    a PIX with more than the two interfaces of the 501. We don't have the
    budget for another router, and if I did, I'd probably just upgrade to the
    515 anyway.

    Jay Levitt
    Jay Levitt, Jan 21, 2006

  2. Sure, there's lots of different ways to do that. Just have the
    Linux boxes NAT the packet source into the local internal IP address
    range and the PIX will take care of the rest.
    There's an approach that would use a second PIX 501, or any other
    IPSec security gateway such as the Linksys BEFVP41.
    Walter Roberson, Jan 21, 2006
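
One way to build the Linux-box NAT relay suggested in the reply above, as an added example that is not part of the original thread. Every address and port, the assumption that the office PC's current VPN pool address is known, and the helper name `relay_rules` are hypothetical; the function only prints the iptables commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Constructed example values (assumptions, not taken from the thread):
INSIDE_IP=192.168.1.10       # Linux box on the PIX inside network
VPN_POOL=192.168.50.0/24     # pool the PIX assigns to VPN clients
OFFICE_VPN_IP=192.168.50.21  # pool address currently held by the office PC
LISTEN_PORT=2222             # port admins connect to on the Linux box
TARGET_PORT=22               # service on the office PC (SSH here)

valid_ip() {    # dotted quad, each octet 0-255
    echo "$1" | awk -F. 'NF!=4{exit 1} {for(i=1;i<=4;i++) if($i !~ /^[0-9]+$/ || $i>255) exit 1}'
}
valid_port() {  # integer in 1-65535
    case "$1" in ''|*[!0-9]*) return 1;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule set. Args: inside_ip vpn_pool target_ip listen_port target_port
# DNAT sends the admin's connection on to the office PC; SNAT rewrites the
# source to the Linux box's inside address, so the PIX sees two ordinary
# inside<->VPN-client flows and never has to route in and out one interface.
relay_rules() {
    valid_ip "$1" && valid_ip "${2%/*}" && valid_ip "$3" || { echo "bad address" >&2; return 1; }
    valid_port "$4" && valid_port "$5" || { echo "bad port" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -t nat -A PREROUTING -s $2 -d $1 -p tcp --dport $4 -j DNAT --to-destination $3:$5
iptables -t nat -A POSTROUTING -s $2 -d $3 -p tcp --dport $5 -j SNAT --to-source $1
iptables -A FORWARD -s $2 -d $3 -p tcp --dport $5 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s $3 -d $2 -p tcp --sport $5 -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Dry run: show the commands for the constructed values above.
relay_rules "$INSIDE_IP" "$VPN_POOL" "$OFFICE_VPN_IP" "$LISTEN_PORT" "$TARGET_PORT"
```

The default-drop FORWARD policy plus the single forwarded port keeps the relay limited to the one emergency-access service instead of turning the Linux box into a general router between VPN clients.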
