Pix - VPN problem

fieus · ‎01-12-2001

Yo guruz & newbiez ;)

First of all, a late happy new year & a good weekend ;)

I have this problem setting up a VPN between 2 sites. In our main site we have a Pix 515 configured with an private IP address on the external interface. The inside interface has a public address, so there's our DMZ. If you wanna know why I have a private external ip, read Q15 of the FAQ ( http://www.cisco.com/warp/public/110/pixfaq.html#Q15 )

But now I want to have our branch office to have full access to those servers, so I installed a Pix 506 at a branch office. But there I got the problem I can't get to the private external IP of my PIX @ the main office.

FYI: Between the internet-cloud & the pix, there offcourse always a router (a 1603 @ main site, a 827 @ the branch office).

How can I solve this problem? I first thought of setting up the VPN with the internal (public) interface of the Pix 515, but that doesn't seem to work. (I can't access both internal/external interface from the web!)

Thx already in advance.

Mark

jbohla · ‎01-18-2001

The only thing I can think of is terminating your VPN at the outside router or maybe the inside router (statics and conduits to the outside of the PIX). I know in current PIX code you can terminate the VPN on the inside IF but you still have to have a publicly routable IP address on the outside of the PIX to make this happen. What if you setup a static and conduits for Ipsec for the inside interface of the PIX to give it a public address on the outside? Never tried it and I bet nobody else has either but it might work. It might mess things up too. I would call Cisco for advice. Good luck and let us know what you come up with. Anybody seen this?