Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
396
Views
0
Helpful
4
Replies

Mixture of Frame Relay and VPN

mlawson
Level 1
Level 1

‎01-17-2005 08:39 PM - edited ‎02-21-2020 01:33 PM

I have a situation where a remote network (a) that is connected to corp office via frame relay needs to access remote network (b) that is connected to corp office via vpn (pix to pix).

Remote(a)-->FRelay-->Corp1721-->pix515-->internet

internet<--vpn<--pix501<--Remote(b)

From what I have researched the above is not possible due to the routing limitations of the pix firewall. Is this true?

Thanks

Labels:
0 Helpful
4 Replies 4

ehirsel
Level 6
Level 6

‎01-18-2005 08:26 AM

What the pix cannot do is take traffic arriving on one interface and send it back out the same interface, and it does not matter what interface it is (inside, outside, perimiter). In your topology the traffic from network a will arrive on one interface and will be sent to network b via another interface, so this should work.

What you need to do is to modify the existing vpn config on both pix units to allow the 2 networks to see each other, and you may need to bypass nat but that will depend upon your security policy, dns/wins info among other things.

Let me know if this helps. In particular check that I understand your topology correctly - the pix interface at the corp. office that the vpn connection terminates is the outside interface (same one used for inet access), and that traffic from the corp. net and remote site a enters the pix on the inside interface.

0 Helpful

mlawson
Level 1
Level 1
In response to ehirsel

‎01-20-2005 06:29 AM

Thank you for your reply. Yes the traffic from Remote (a) and Corp enters the pix on the inside interface and gets routed to the outside interface for internet traffic. Yes the outside interface is the vpn connection end point for Remote (b). I have applied remote(a) network to both pix access-list but still unsuccessful. I have 2 access-list on both pixes - One to allow the traffic to pass and the other to no-nat the traffic. I will look at the configs again to make sure I have not made a mistake and try again.

0 Helpful

ehirsel
Level 6
Level 6
In response to mlawson

‎01-20-2005 07:21 PM

If you still run into any issues, post both pix configs as well as the router config here. Scrub out any sensitive info.

0 Helpful

mlawson
Level 1
Level 1
In response to ehirsel

‎01-21-2005 01:41 PM

ok will do I am going to work on the configs this weekend and will post my results. thanks

0 Helpful
Customers Also Viewed These Support Documents