05-15-2006 01:31 PM - edited 02-21-2020 02:24 PM
Hi,
I was wondering if anyone has tried implementing IPSec VPNs to a VLANed interface. I have 2 DSL connections, each with only one static address. I want to pass them through a Cisco router, NAT them, and then forward the IPSec request to one of 2 logical (VLAN) interfaces on the outside interface of the PIX. Is this something that will work?
Kelvin
05-19-2006 10:56 AM
05-20-2006 02:41 PM
You mean you have your PIX outside interface connected to a switch as a trunk. You have 2 VLANs linked to the outside interface. You have your VLAN interfaces NATed on the router to public addresses. You want to terminate the IPsec on one of the VLANs. Am I correct?
If this is the case then it should be OK. Just make sure the PIX and router can pass IPsec, and also make sure your PIX allows NAT-Traversal. The device at the other end also needs to support NAT traversal.
isakmp nat-traversal 20
I hope it helps ... please rate if it does !!!
05-25-2006 07:18 AM
Hi guys, thanks for the reply. I actually got a PIX in house this evening, so I will be upgrading the PIX 7.0(4) to 7.1 and then simulating the environment here at my office. I will let you know what happens over the next day or so.
Kelvin