VPN on router bypassing the Firewall

Shobith K
Level 1

I have a scenario like this...

We have a local LAN 10.x.x.x connecting to the Internet through a PIX firewall and a Cisco router.

The router has the VPN 3DES software image in it. I want to configure the ROUTER as the VPN server, for remote access users to connect to the LAN using their VPN client.

Configuration on the router is done. Users are able to connect to the VPN using their VPN client. BUT they are not able to access any local LAN resources, since the PIX comes between the router and the LAN.

Can you tell me what I have to do on the firewall side to make this scenario work.

I am attaching the network diagram.

1 Reply

piseli
Level 1

You have to permit incoming traffic from the VPN pool network into the local network 10.x.x.x behind the PIX.

! Inbound ACL on the outside interface (the ACL name must match the access-group line)
access-list acl_outside permit ip VPNPool-IPRange 255.255.255.0 PIX-Inside-IP-Range 255.255.255.0
access-group acl_outside in interface outside

! Send replies for the VPN pool back to the VPN router
route outside VPNPool-IPRange 255.255.255.0 VPN-Router

! Do not NAT inside-to-pool traffic
access-list NONAT permit ip PIX-Inside-IP-Range 255.255.255.0 VPNPool-IPRange 255.255.255.0
nat (inside) 0 access-list NONAT

It should be something like this, but be aware that you open a big security hole in your PIX, as you permit all VPN clients to connect behind the firewall.

Be sure that you have a tight access-list on your VPN Router.

Sincerely,

Patrick
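A concrete version of the three pieces in the reply above (inbound ACL, return route, NAT exemption), written as an added example for this thread rather than anything posted by Shobith or Patrick. It assumes a LAN of 10.1.1.0/24 behind the PIX inside interface, a client pool of 192.168.100.0/24 handed out by the VPN router, and a router address of 203.0.113.1 on the segment it shares with the PIX outside interface; all three addresses and the three LAN hosts are made up for illustration. It also narrows the permit from `ip` to the specific services the remote users need, which is one way to shrink the "big hole" Patrick warns about, since the PIX only ever sees the decrypted client traffic as ordinary packets sourced from pool addresses.

```text
! Added example, not the poster's configuration. Illustrative addresses:
!   10.1.1.0/24      LAN behind the PIX inside interface
!   192.168.100.0/24 address pool the VPN router assigns to clients
!   203.0.113.1      VPN router interface facing the PIX outside interface
!
! 1. Inbound ACL on the outside interface. Decrypted client traffic arrives
!    from the router sourced from pool addresses, so permit only the pool as
!    source, and only the services remote users need, instead of "ip".
access-list acl_outside permit tcp 192.168.100.0 255.255.255.0 host 10.1.1.10 eq 3389
access-list acl_outside permit tcp 192.168.100.0 255.255.255.0 host 10.1.1.20 eq 445
access-list acl_outside permit udp 192.168.100.0 255.255.255.0 host 10.1.1.5 eq 53
! Anything else from the Internet, and anything else from the pool, hits the
! implicit deny at the end of the list.
access-group acl_outside in interface outside
!
! 2. Return route: replies to pool addresses must go back to the VPN router,
!    which re-encrypts them to the client.
route outside 192.168.100.0 255.255.255.0 203.0.113.1 1
!
! 3. NAT exemption: inside hosts must answer the pool from their real
!    addresses, otherwise the PIX would translate inside-to-pool traffic.
access-list NONAT permit ip 10.1.1.0 255.255.255.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list NONAT
```

Two checks before letting users test: the pool on the router must be exactly the range named in `acl_outside` and `NONAT` (a pool that overlaps the inside network will break the NAT exemption), and on PIX 6.x a `clear xlate` after changing the `nat 0` statement drops any translations built before the exemption existed. If the PIX default route already points at the same router, the static route is redundant but harmless and documents the intent.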