Hello, I have a PIX 501 connected to a second PIX 501 with a basic pre-shared-key setup (config below).
I want to add a remote office with 2 IPs that are in the 192.168.1.x address space and are currently running over a bridge with a 56k data line.
The base address space at the central office is 192.168.1.x (the .224 below is a separate space because of the other PIX (long story)).
I am going to get rid of the 56k line and will be using some bandwidth off of an existing T1 that is in use by a company subletting some space.
The T1 goes into a Lucent router, then a switch, then my PIX and also to the Shorewall firewall appliance (the main office is set up just like this also (the PIX split off of the public IPs in front of the firewall)). The PIX will be cabled directly to a switch with my 2 devices. So there will not be any co-mingling of my equipment and the existing equipment.
The existing LAN is 192.168.1.x of course (but since I am splitting right off of the T1 router it does not really affect me, except that I cannot run in the same switches on the back side). I will have a static public IP.
What I would like to do is set up a new 'bridge' and leave the printer 192.168.1.226 and computer 192.168.1.227 within the 192.168.1.x address space so they can work and play with the main office like they are now without re-addressing anything (the printer address is hard-coded in the HPUX system all over the place) instead of having the remotes be 192.168.32.x or whatever, because I would have to re-code the 192.168.1.226 addresses.
Can I do this with my current configuration?
Thanks!
Basic configuration of the 'central' PIX:
access-list office2 permit ip 192.168.224.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list nonat permit ip 192.168.224.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list nonat permit ip 192.168.224.0 255.255.255.0 192.168.16.0 255.255.255.0
access-list office3 permit ip 192.168.224.0 255.255.255.0 192.168.16.0 255.255.255.0
crypto ipsec transform-set secure esp-3des esp-md5-hmac
crypto map defaultmap 5 ipsec-isakmp
crypto map defaultmap 5 match address office2
crypto map defaultmap 5 set pfs group2
crypto map defaultmap 5 set peer 163.51.155.2
crypto map defaultmap 5 set transform-set secure
crypto map defaultmap 10 ipsec-isakmp
crypto map defaultmap 10 match address office3
crypto map defaultmap 10 set pfs group2
crypto map defaultmap 10 set peer 131.84.120.3
crypto map defaultmap 10 set transform-set secure
crypto map defaultmap interface outside
isakmp enable outside
isakmp key ******** address 163.51.155.2 netmask 255.255.255.255
isakmp key ******** address 131.84.120.3 netmask 255.255.254.0
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption 3des
isakmp policy 5 hash md5
isakmp policy 5 group 2
isakmp policy 5 lifetime 86400