Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Vpn from private IP

Posted on 2006-03-28
2
Medium Priority
?
243 Views
Last Modified: 2013-11-16
Hi,
my configuration is:
Office: pix 506E, 6.3(5) Outside ip: static - public

Home:
ADSL Router Outside ip: Dynamic - public
Inside: 192.168.0.1
PIX 501 6.3(5) Outside: 192.168.0.2, Gateway: 192.168.0.1
Inside: 10.12.7.1 , clients: 10.12.7.X

When i am at home, from My laptop, with Cisco clients v 4.8 i am able to connect by vpn to office.
I am trying to configure the hpme PIX to connect office PIX by vpn, so all my home pc are tunnelled.
I configure all but the log say:

ISAKMP Phase 1 retransmission (local 192.168.1.2 (initiator), remote xxremoteIPxx)

702303: sa_request, (key eng. msg.) src= 192.168.1.2, dest= xxremoteIPxx, src_proxy= 10.12.7.0/255.255.255.0/0/0 (type=4),
dest_proxy= 10.0.7.0/255.255.255.0/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 28800s and 4608000kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4004

10.0.7.0/24 is the internal private network on office pix.

It is possible configure the home pix to do this, or is impossible without a pubblic ip address on outside interface ??

Thank you,
Mauro

0
Comment
Question by:Pelitti
2 Comments
 
LVL 9

Accepted Solution

by:
IPKON_Networks earned 500 total points
ID: 16314850
It most certainly is possible to do this with your home PIX connected to the ADSL router. I have many remote offices that are connected in this way. The small ones of 2-3 temp staff can only justify ADSL broadband.

The PIX has an outside IP, which is linked to the inside ADSL network, but you need to make sure the ADSL router/modem is configured to be in passthrough mode. This will then 'publish' your outside IP address through and onto your other PIX in your office.

You need to make sure your PIX does all the firewall work (as it should) as well as DHCP/routing if required for your home network of PC's.

Hope this helps
Barny
0
 

Author Comment

by:Pelitti
ID: 16326807
Passthrough mode. ok i will check. I have only 1 pubblic ip on he router, the outside of my pix is private, so when the vpn start, the caller ip must be natted, it is correct ?

Thank you,
Mauro
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
How can you see what you are working on when you want to see it while you to save a copy? Add a "Save As" icon to the Quick Access Toolbar, or QAT. That way, when you save a copy of a query, form, report, or other object you are modifying, you…
Suggested Courses
Course of the Month15 days, 7 hours left to enroll

575 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question