rick_me27
asked on
Pix to Pix VPN setup question
I am about to start working on a VPN project for my company that will require connectivity to remote sites for access to mapped drives, Exchange and web to the Corporate site. We have a 515E at the Corp and I am planning on putting 501s at each location. What is required as far as IP addresses to make this work? I will get a static IP and DSL circuit for each site to get them up and talking to the web. As far as VPN goes, I'm new to it so bare with me. Do I need additonal IPs, one for Corp site and one for remote site for the tunnel?? I know the PDM will probably make the VPN setup easy enough since it has a wizard to guide me through.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I would like to allow everyone (5-7 users) for each remote office to have access to browse web and Corp network at the same time. So basically all I need is one static address for the remote site and I'll configure DHCP with a private range behind the 501 and I can configure the tunnel at the Corp office to use the extrernal IP of the Pix for the source VPN address? Then I can allow the private range from the 501 back to Corp via ACL correct?
Yes, that sounds about right.
If you want to access the Internet at your remote offices as well, you may need a second address to act as your PAT address. Not sure if you can use the PIX's external interface address as the PAT address?
If you want to access the Internet at your remote offices as well, you may need a second address to act as your PAT address. Not sure if you can use the PIX's external interface address as the PAT address?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks for the info. I think i can handle it without any problems. I'll set one up to my house as a test and see how it works out.
Here's some initial comments, I hope they help.
I'm assuming that you're using private addressing behind your firewall. Each of your private networks will need to have different addresses so that you can route from one to another over the VPN tunnel. Also, the firewall is told which traffic to encrypt and tunnel based upon source and destination networks.
I believe that the IP addresses of the external interfaces of the firewalls are used for the tunnels themselves.
Let me know if you need any further information.