selhs

asked on

VPN and Firebox X700

I have a Cisco 800 series router coming into my office. I recently purchased a Firebox X700 to set up here for firewall protection. Our subnet mask is 255.255.255.0 on all the PCs and our DHCP range is from 10.0.0.10-10.0.0.254. I'm currently setting up the X700 and it's asking for a Trusted IP address, along with a secondary IP address. I'm assuming that in the Trusted IP, I'm supposed to put a static address within the range of our network. I'm not sure what to put in the secondary IP. My second question is, am I going to have to change my configuration in my Cisco in order for me to have a VPN? I'm assuming I will so I can open up certain ports or IPs to come through, however I have no Cisco experience, classes don't start until September lol.
abolla

Well, your trusted IP on the Firebox would be the server that is connected to eth1.  This is usually where I also set up the Firebox management console.  You should make your route from the Cisco router to eth0 on the Firebox.  The secondary trusted zone is for multiple subnets on your network, but from what you are saying in the question you don't have any, so disregard.  No, you should not have to change anything, just add a route.  You need to assign your Firebox eth0 an IP on the same network as your router.  These are typically Public Routable IPs.  You will then only need to go from e0 of the router to eth0 on the Firebox, and voilà!
selhs

ASKER

Here's what I get when I put in the trusted interface.

Trusted Interface: 10.0.0.12/24 (IP of our domain server)

Error comes up: "The Trusted interface address is on a network which overlaps the external interface address's network. Please enter an IP address from another network."

Is there some sort of default IP address I can enter in there to bypass this? And what should I enter for the Optional IP address, since I'll probably get the same error?
selhs

ASKER

Let me give you all the specifics and see what you think. Here's our system info:
Router 10.0.0.1
Domain controller 10.0.0.12
DHCP is 10.0.0.2
public IP: 66.109.246.202

I chose the static option to set up the firewall, and I set the Firebox IP address to one I have open on the network, 10.0.0.200/24; default gateway I set to 10.0.0.1. Click next, works fine. Under the trusted interface, I tried 10.0.0.12/24 and got the error "The trusted interface address is on a network which overlaps with the external interface address's network, please enter an IP address from another network." So I tried 192.168.0.1 to see if it would go through and it didn't. I also tried 10.0.0.1/24, and under the optional IP address, which requires you to put one in, I tried the 192.168.0.1 address and it still failed.

The software version on the Firebox is 7.2 also. I can't think of any other information to give you other than our subnet of 255.255.255.0.
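
The overlap error quoted above can be reproduced offline before typing addresses into the setup wizard. The following is an added example, not part of the original thread and not WatchGuard code: `check_interface_plan` and the interface role names are hypothetical, the `SEPARATED` addresses are constructed for illustration, and it assumes a firewall that routes between its interfaces and therefore needs a distinct network on each.

```python
import ipaddress
from itertools import combinations

def check_interface_plan(interfaces, gateway):
    """Return a list of problems found in a firewall interface plan.

    interfaces maps an interface role ("external", "trusted", "optional")
    to "address/prefix"; gateway is the default gateway's address.
    """
    problems, parsed = [], {}
    for name, cidr in interfaces.items():
        if "/" not in cidr:
            # ip_interface() would silently treat a bare address as a /32.
            problems.append(f"{name}: {cidr} has no prefix length")
            continue
        try:
            iface = ipaddress.ip_interface(cidr)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        net = iface.network
        if net.num_addresses > 2 and iface.ip in (net.network_address,
                                                  net.broadcast_address):
            problems.append(f"{name}: {iface.ip} is not a usable host in {net}")
        parsed[name] = iface
    # Each routed interface needs its own, non-overlapping network.
    for (a, ia), (b, ib) in combinations(parsed.items(), 2):
        if ia.network.overlaps(ib.network):
            problems.append(f"{a} {ia.network} overlaps {b} {ib.network}")
    # The default gateway has to be reachable on the external network.
    ext = parsed.get("external")
    if ext is not None and ipaddress.ip_address(gateway) not in ext.network:
        problems.append(f"gateway {gateway} is not on external {ext.network}")
    return problems

# Values taken from the thread: both interfaces were placed in 10.0.0.0/24.
ATTEMPTED = {"external": "10.0.0.200/24", "trusted": "10.0.0.12/24"}
# Constructed alternative: private ranges chosen only for illustration.
SEPARATED = {"external": "10.0.0.200/24", "trusted": "192.168.0.1/24",
             "optional": "192.168.1.1/24"}

if __name__ == "__main__":
    for label, plan in (("attempted", ATTEMPTED), ("separated", SEPARATED)):
        print(label, check_interface_plan(plan, "10.0.0.1") or "ok")
```
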
ASKER CERTIFIED SOLUTION
abolla

This solution is only available to members.
selhs

ASKER

We actually have a DSL line in here, and they claim I only have one IP. This might be easier to just talk via email. Here is my email address. BBrubaker@selhs.org.