
Passing web traffic from external PIX through S2S to internal webserver

janeg
Level 1

Hi

Is it possible to pass web traffic that hits a PIX 501 external interface through an S2S VPN to an internal web server?

This is an example configuration of what we want to achieve (IP addresses are made up):

Inbound web traffic

¦

¦

¦

212.133.133.133 Internal 10.0.1.x

PIX 501 (1)

¦S2S¦

¦S2S¦

¦S2S¦

213.133.133.133 Web Server on internal 10.0.0.1

PIX 501 (2)

We want the port 80 traffic hitting 212.122.122.122 to end up at 10.0.0.1 after passing through the tunnel.

As things stand we can ping from 10.0.2.x to 10.0.0.1 and vice versa. However, when we try to add a translation rule on PIX 501 (1) to 10.0.0.1 it says that we can't translate between interfaces with the same security level (the VPN is established on the external interface, which is where we are trying to do the translation).

From other stuff I have read in this forum I'm thinking that this isn't actually possible. Is this the case, and if so, is there any way we can do this - e.g. PIX 501 (1) being a higher-end PIX with more external interfaces?

Any advice would be gratefully appreciated!

Many thanks

Oliver

*EDIT* Sorry I made a much better diagram than this but the forum doesn't seem to understand tabs so I had to simplify it :)

1 Reply

umedryk
Level 5

As far as I know, this is not possible.