VPN Client - RAS - VPN-PIX Route Mapping

Posted on 2003-02-26
Medium Priority
Last Modified: 2013-11-16
This is a classic "VPN Gateway behind the PIX" question...

Can NAT/PAT/Static Routes be used on a Trusted PIX Port
to provide Web Access to

RAS/VPN Client to
VPN3000 Gateway to
PIX Trusted Port

The VPN Gateway is positioned on a subnet behind the PIX.
URL references are appreciated. Thanks.

Tim Weil - CCNP
Question by:krash092097
LVL 79

Accepted Solution

lrmoore earned 300 total points
ID: 8030639
Yes, absolutely.

I don't know of any particular URL that provides specific configurations, but just put the VPN300x public on a DMZ interface, create a static NAT map to a public IP for it, and create an access list to permit inbound from any to esp, isakmp, and udp port 10000.

If you have specific questions or get stumped at any particular point, I can help. I have actually done this for multiple clients.
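A way to check a PIX configuration against the three inbound permits named in the answer above (an added example, not part of the original thread): it finds the static mapping for the concentrator and reports permits that are missing or that go beyond ESP, ISAKMP and UDP 10000. The config fragment, addresses, interface name and ACL name are constructed, and the parser assumes PIX 6.x-style `static` and `access-list ... any host ...` lines only.

```python
import re

# Constructed PIX 6.x-style fragment (documentation addresses, hypothetical
# interface and ACL names); the tcp/www line is a deliberate extra permit.
SAMPLE_CONFIG = """\
nameif ethernet2 dmz security50
ip address dmz 192.168.50.1 255.255.255.0
static (dmz,outside) 203.0.113.10 192.168.50.2 netmask 255.255.255.255
access-list outside_in permit esp any host 203.0.113.10
access-list outside_in permit udp any host 203.0.113.10 eq isakmp
access-list outside_in permit udp any host 203.0.113.10 eq 10000
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
"""

# What the answer says to permit inbound: ESP, ISAKMP (UDP 500), UDP 10000.
REQUIRED = {("esp", None), ("udp", "500"), ("udp", "10000")}
PORT_NAMES = {"isakmp": "500"}  # PIX port literal -> number

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+)")
ACL_RE = re.compile(
    r"^access-list (\S+) permit (\w+) any host (\S+)(?: eq (\S+))?\s*$")


def audit(config, inside_ip):
    """Return (public_ip, missing, extra) for the concentrator at inside_ip."""
    public_ip = None
    permits = set()
    lines = config.splitlines()
    for line in lines:
        m = STATIC_RE.match(line.strip())
        if m and m.group(4) == inside_ip:
            public_ip = m.group(3)  # static lists the mapped address first
    if public_ip is None:
        return None, set(REQUIRED), set()
    for line in lines:
        m = ACL_RE.match(line.strip())
        if m and m.group(3) == public_ip:
            port = m.group(4)
            permits.add((m.group(2), PORT_NAMES.get(port, port)))
    return public_ip, REQUIRED - permits, permits - REQUIRED


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "192.168.50.2"))
```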

Author Comment

ID: 8032836
DMZ interface with public IP - Got it
ACL for Inbound permissions -- Got it
Enabled service for esp, isakmp, udp port 10000 - Got it

Problem we are trying to solve -

   1. VPN tunnel is established behind PIX (no tunnelling
      thru Untrusted (public IP/static port) required).

   2. IPSec tunnel built via RAS/VPN Gateway behind PIX

   3. Access to Network services thru trusted port on PIX
      requires multiple route translations

   4. Example -  
        Client laptop establishes RAS connection - IP#1
        Client authenticates at VPN - IP#2  
        Client requests Network services thru PIX trusted
        DMZ Port - IP#3

   5. What address would a Network Service query respond
      to?  How would PIX map HTTP response request to
      VPN tunnel address (IP#2)?

Can I email you offline?
LVL 79

Expert Comment

ID: 8033372
Well, now this certainly complicates matters to the extreme. May I ask why all these gyrations?

>Client laptop establishes RAS connection (behind the PIX?)- IP#1
Do you mean dialup, or PPTP?

>Client authenticates at VPN - IP#2
What type VPN? What is the server? What authentication mechanism?

>Client requests Network services thru PIX trusted
       DMZ Port - IP#3
Authorization for network services should not require another IP address. What method are you using for the authorization? TACACS? Radius?

We need to keep this in the open forum as this is a collaborative group. If I miss something, some other experts may jump in to my rescue.

LVL 79

Expert Comment

ID: 8112439
G'day, krash, there has not been any activity on this question in 12 days.
Do you still need assistance, need more information, or have you solved your problem? Can you close out this question?

Author Comment

ID: 8119966
Issue closed.
Static route across the PIX seems to fix the problem.

