Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
686
Views
0
Helpful
3
Replies

Need to creating a Secure and Isolated VPN using PIX and Cisco Routers

gmaccisco1
Level 1
Level 1

‎12-05-2006 05:37 PM - edited ‎03-05-2019 01:11 PM

Hi,

I have attached two diagram, one depicting current VPN configuration for an isolted segment of our network and the other is what we want change the current setup with.

I have not done any VPN or GRE tunnel over a point-to-point T1 involving Cisco PIX and routers. I would apprciate if someone could assist me on what I need to do as far as the type of the VPN and how to attempt doing/implementing the VPN given the devices involved.

Currently there are two VPN policies with isakamp statement in the PIX configurations. I want to change the way traffic are being sent to our emote location by ending these VPN connections over the Internet and back to our network in the remote location while we do have a backdoor to that remote location via a point to point T1.

Thanks very much in advance.

Masood

Labels:
Preview file
656 KB
Preview file
672 KB
0 Helpful
3 Replies 3

sachinraja
Level 9
Level 9

‎12-05-2006 07:22 PM

Hello masood,

Actually you can use both these circuits on a failover mode... I mean , u can use the backdoor circuit (T1) as the primary link over IPSEC.. if this link goes down, u can get the traffic via internet through IPSEC... By doing this, the traffic is both secure and highly available.. You will have the same policies (IPSEC & ISAKMP) set for both these connections. The only change u will have to do is to add a second peer (internet peer) with the existing config..

set peer x.x.x.x (intranet)

set peer y.y.y.y (internet)

on the crypto map statement..

when u do this, the router/pix first checks up with x.x.x.x for IPSEC connectivity.. if this is unreachable, it tries connecting to y.y.y.y

Hope this helps. all the best. rate replies if found useful..

Raj

0 Helpful

gmaccisco1
Level 1
Level 1
In response to sachinraja

‎12-06-2006 08:00 AM

Hi Raj,

thanks for geting back to me. so I don't have to make a VPN connection between the first PIX and gateway Internal router and again between th etweo routers at both end of the T1 and then to the pIX at the other end, correct?

can you please tell me more about the solution you are offering as far as where to apply th econfig given the picture on the proposed path, the new one. These statements are goping to be at which end?

if between the two PIXs at both ends then what will happen to th edevices in between?

Please elborate as i have not done this before.

Thx,

Masood

0 Helpful

gmaccisco1
Level 1
Level 1
In response to sachinraja

‎12-06-2006 08:02 AM

Raj,

I don't have a config for the new proposed setup. I have drawn that diag to say that this is how I want to do it. I don't know how to go about and configure this ptoposed setup.

Thx,

-m

0 Helpful
Customers Also Viewed These Support Documents