Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
308
Views
0
Helpful
2
Replies

Vpn with 1760 and 515E

andy
Level 1
Level 1

‎11-17-2004 10:21 AM - edited ‎02-21-2020 01:27 PM

I am setting up four site to site VPN's for support companies and would like some assistance. I have got two 1760 with ADSL cards in, and a pix 515e with 6 FE ports, Each ADSL line has a single 'live address' provided from the ISP's. I would like to terminate the VPN tunnels at the firewall. Each support company will only come thru one of the adsl lines, which means I can block all traffic except the incoming VPN.

Is this the best way to do it ??

Labels:
0 Helpful
2 Replies 2

sachinraja
Level 9
Level 9

‎11-17-2004 01:08 PM

terminating the ipsec tunnels on the PIX will not harm the security aspect of your design. the traffic flowing through the tunnel is anyway restricted by using crypto ACLs... so, there is no way that each company will see others...

you can also think of terminating the tunnels on the router and possibly filter the incoming vpn traffic on the PIX...

first solution is the most widely used... you can anyway think over !!!

All the best !!

0 Helpful

andy
Level 1
Level 1
In response to sachinraja

‎11-22-2004 03:34 AM

Thanks for your re-assurance, I am currently trying to configure the router to nat all traffic from ip address 66.66.66.66 (support company live address) to the private address of the firewall (outside interface), and blocking all other traffic. Can you help as I am not having much luck.

Preview file
733 KB
0 Helpful
Customers Also Viewed These Support Documents