07-08-2002 06:01 AM - edited 02-21-2020 11:54 AM
I work with a PIX515. Terminating a VPN tunnel (L2TP/IPsec connection) on the outside interface works fine. But my goal is to terminate the tunnel on a perimeter interface. I have tried several things but I can't get it to work.
Checking the syslog shows that the UDP traffic on port 1701 reaches the interface on the perimeter network. But for some reason the firewall doesn't answer.
Has anyone successfully established a VPN tunnel to a perimeter interface? Can anyone help me? Sample config?
Thank you.
Hans
07-08-2002 09:18 PM
You can terminate an IPSec tunnel on any interface on the PIX, e.g. outside, dmz, etc.
Make sure you enable isakmp on your dmz, e.g.:
!
isakmp enable outside
isakmp enable intf2
!
crypto map test-intf2 interface intf2
crypto map test-out interface outside
http://www.cisco.com/warp/customer/110/client-pixhub.html
HTH
R/Yusuf
07-09-2002 01:09 AM
Dear Yusuf
Thanks a lot for your answer and the link. That's right, I can terminate the tunnel on any interface as long as this interface is also connected to the "outside" world (as described in your link), but NOT when I have only one "outside" and the traffic must "flow" through the PIX to the perimeter interface.
Greetings
Hans