cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
272
Views
0
Helpful
1
Replies

PIX and IPSec.

pavlos
Level 1
Level 1

I have a general question regarding IP Sec capabilities. Currently I am using a Cisco 1710 with FW features to implement a couple of IPSec tunnels to remote sites.

Followed is a part of this configuration:

!---------------

crypto map test local-address Loopback0

crypto map test 1 ipsec-manual

set peer 10.145.100.1

set session-key inbound esp 1050 authenticator 0123456789ABCDEF0123456789ABCDEF

set session-key outbound esp 1051 authenticator 0123456789ABCDEF0123456789ABCDEF

set transform-set testTRANS

match address 100

!----------------

Now suppose I want to replase with a PIX firewall and want to keep existing configuration. What I forget to mention is that the 1710 router belongs to my internal LAN has private addresses on both interfaces and can only be accressed for IPSEC through public loopback address. Can PIX do the same? Can I assign a loopback address (public) to it and use it for IPSec?

From my experience up to know with PIX I know that such approach is not feasible and I would need to apply public IP addesses to the external interface of the PIX (and my Router Gateway as well!!!..meaning redesign)

Please let me know. I know other firewalls support such approach.

1 Reply 1

gfullage
Cisco Employee
Cisco Employee

Nope, you can't assign a loopback address to the PIX. You'd have to assign the loopback IP address to the outside of the PIX and terminate the tunnel on that. The PIX does support manual IPSec keying so you'll be able to still use that (although IKE is much more secure).