  • Status: Solved
  • Priority: Medium
  • Security: Public

VPN and Firebox X700

I have a Cisco 800 series router coming into my office. I recently purchased a Firebox X700 to set up here for firewall protection. Our subnet mask is 255.255.255.0 on all the PCs and our DHCP range is from 10.0.0.10-10.0.0.254. I'm currently setting up the X700 and it's asking for a Trusted IP address, along with a secondary IP address. I'm assuming that in the Trusted IP, I'm supposed to put a static address within the range of our network. I'm not sure what to put in the secondary IP. My second question is, am I going to have to change my configuration in my Cisco in order for me to have a VPN? I'm assuming I will so I can open up certain ports or IPs to come through, however I have no Cisco experience, classes don't start until September lol.
Asked:
selhs
1 Solution
 
abolla Commented:
Well, your trusted IP on the Firebox would be the server that is connected to eth1.  This is usually where I also set up the Firebox management console.  You should make your route from the Cisco router to eth0 on the Firebox.  The secondary trusted zone is for multiple subnets on your network, but from what you are saying in the question you don't have any, so disregard.  No, you should not have to change anything, just add a route.  You need to assign your Firebox eth0 an IP on the same network as your router.  These are typically Public Routable IPs.  You will then only need to go from e0 of the router to eth0 on the Firebox, and voilà!
 
selhs (Author) Commented:
Here's what I get when I put in the trusted interface.

Trusted Interface: 10.0.0.12/24 (IP of our domain server)

Error comes up: "The Trusted interface address is on a network which overlaps the external interface address's network. Please enter an IP address from another network."

Is there some sort of default IP address I can enter in there to bypass this? And what should I enter for the Optional IP address since I'll probably get the same error?
 
selhs (Author) Commented:
Let me give you all the specifics and see what you think. Here's our system info:
Router 10.0.0.1
Domain controller 10.0.0.12
DHCP is 10.0.0.2
public IP: 66.109.246.202

I chose the static option to set up the firewall, and I set the Firebox IP address to one I have open on the network, 10.0.0.200/24, default gateway I set to 10.0.0.1. Click next works fine. Under the trusted interface, I tried 10.0.0.12/24, got the error "The trusted interface address is on a network which overlaps with the external interface address's network, please enter an IP address from another network." So I tried 192.168.0.1 to see if it would go through and it didn't. I also tried 10.0.0.1/24 and under the optional IP address, which requires you to put one in, I tried the 192.168.0.1 address and still failed.

The software version on the Firebox is 7.2 also. I can't think of any other information to give you other than our subnet of 255.255.255.0.
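The overlap rule behind the error message quoted above, as an added example that is not part of the original posts and is not WatchGuard's code. The function name `check_interface_plan` is hypothetical, the pairwise-overlap and gateway checks are an assumption modelled on the wording of the error, and the passing plan at the bottom uses constructed addresses.

```python
import ipaddress
from itertools import combinations


def check_interface_plan(external, gateway, trusted, optional=None):
    """Return a list of problems with a firewall interface addressing plan.

    Assumed rule (taken from the error text in the thread): every interface
    must sit on its own network, so no two interface networks may overlap.
    """
    problems, parsed = [], {}
    for name, value in (("external", external), ("trusted", trusted),
                        ("optional", optional)):
        if value is None:
            continue
        try:
            # "10.0.0.12/24" -> host address plus the network it lives on.
            parsed[name] = ipaddress.ip_interface(value)
        except ValueError:
            problems.append(f"{name}: invalid address {value!r}")

    # Pairwise test: two interfaces on overlapping networks cannot be routed.
    for (a, ia), (b, ib) in combinations(parsed.items(), 2):
        if ia.network.overlaps(ib.network):
            problems.append(f"{b} {ib} overlaps {a} network {ia.network}")

    # The default gateway has to be directly reachable on the external side.
    if "external" in parsed:
        try:
            gw = ipaddress.ip_address(gateway)
            if gw not in parsed["external"].network:
                problems.append(f"gateway {gw} is not on external network "
                                f"{parsed['external'].network}")
        except ValueError:
            problems.append(f"gateway: invalid address {gateway!r}")
    return problems


if __name__ == "__main__":
    # Values from the thread: external and trusted both land in 10.0.0.0/24.
    print(check_interface_plan("10.0.0.200/24", "10.0.0.1", "10.0.0.12/24"))
    # Constructed plan with three distinct networks: no problems reported.
    print(check_interface_plan("10.0.0.200/24", "10.0.0.1",
                               "192.168.0.1/24", "192.168.1.1/24"))
```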
 
abolla Commented:
OK, well I see why you are getting that error.  As I stated above you will need to use your public space address for this.  You are going to need another IP address in the 66.109.246.xxx network.  Your ISP should be able to give you a specific block.  For a business account they should have given you at least 4 IPs for every T1.  I can write the config file for you, by just copying mine, but you will need more address space.
 
selhs (Author) Commented:
We actually have a DSL line in here, and they claim I only have one IP. This might be easier to just talk via email. Here is my email address: BBrubaker@selhs.org.
