We help IT Professionals succeed at work.

Vpn from private IP

Pelitti
Pelitti asked
on
Medium Priority
267 Views
Last Modified: 2013-11-16
Hi,
my configuration is:
Office: pix 506E, 6.3(5) Outside ip: static - public

Home:
ADSL Router Outside ip: Dynamic - public
Inside: 192.168.0.1
PIX 501 6.3(5) Outside: 192.168.0.2, Gateway: 192.168.0.1
Inside: 10.12.7.1 , clients: 10.12.7.X

When i am at home, from My laptop, with Cisco clients v 4.8 i am able to connect by vpn to office.
I am trying to configure the hpme PIX to connect office PIX by vpn, so all my home pc are tunnelled.
I configure all but the log say:

ISAKMP Phase 1 retransmission (local 192.168.1.2 (initiator), remote xxremoteIPxx)

702303: sa_request, (key eng. msg.) src= 192.168.1.2, dest= xxremoteIPxx, src_proxy= 10.12.7.0/255.255.255.0/0/0 (type=4),
dest_proxy= 10.0.7.0/255.255.255.0/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 28800s and 4608000kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4004

10.0.7.0/24 is the internal private network on office pix.

It is possible configure the home pix to do this, or is impossible without a pubblic ip address on outside interface ??

Thank you,
Mauro

Comment
Watch Question

It most certainly is possible to do this with your home PIX connected to the ADSL router. I have many remote offices that are connected in this way. The small ones of 2-3 temp staff can only justify ADSL broadband.

The PIX has an outside IP, which is linked to the inside ADSL network, but you need to make sure the ADSL router/modem is configured to be in passthrough mode. This will then 'publish' your outside IP address through and onto your other PIX in your office.

You need to make sure your PIX does all the firewall work (as it should) as well as DHCP/routing if required for your home network of PC's.

Hope this helps
Barny

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Passthrough mode. ok i will check. I have only 1 pubblic ip on he router, the outside of my pix is private, so when the vpn start, the caller ip must be natted, it is correct ?

Thank you,
Mauro
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.