How do I securely set up PIX 501 site to site VPN for client network management

Posted on 2006-04-19
Last Modified: 2013-12-03
Hello Experts,

I have a PIX 501 at my office.  The clients I do network management for have PIX 501s as their edge device.

I would like to set up permanent site to site VPNs with them but I would like to do the following:

Allow - All traffic originating from my subnet to the client networks
Deny - All traffic originating from client subnets to other client subnets

Basically I do not want to be a Hub allowing spoke to spoke communications.

Can this be done easily?

Please provide detailed pix configuration commands to make this happen.

Thanks in advance!

Question by:jamie177

Accepted Solution

rsivanandan earned 2000 total points
ID: 16488851

Author Comment

ID: 16489807
Thanks Rajesh, I've set up the peer to peer tunnel before.  I want to set up peer to peer tunnels from my PIX to multiple client PIXes and ensure that the client networks cannot talk to each other.

Is there anything special I need to do as far as access-lists?



Expert Comment

ID: 16489885
No, you should be okay with the same set of configurations because your access-lists would be only opening up central to client1, central to client2 and so on. So client1 to client2 wouldn't be possible unless you configure it. Something like this:

Say your internal is 10.10.10.x, client1 is 10.10.20.x, client2 is 10.10.30.x

access-list 100 permit ip 10.10.10.x mask 10.10.20.x mask
access-list 100 permit ip 10.10.10.x mask 10.10.30.x mask

so client1 and client2 won't talk to each other.
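
An added example, not part of the original thread or the expert's configuration: a Python check that reads `access-list ... permit ip` lines from a hub PIX configuration and flags every entry that is not hub subnet to one client subnet. The /24 masks, the constructed sample lines (including the two deliberately wrong ones) and the function names are assumptions for illustration.

```python
import ipaddress

# Constructed sample (not from the thread): two intended hub-to-client entries,
# one spoke-to-spoke entry and one "any" source added by mistake.
SAMPLE_CONFIG = """\
access-list 100 permit ip 10.10.10.0 255.255.255.0 10.10.20.0 255.255.255.0
access-list 100 permit ip 10.10.10.0 255.255.255.0 10.10.30.0 255.255.255.0
access-list 100 permit ip 10.10.20.0 255.255.255.0 10.10.30.0 255.255.255.0
access-list 100 permit ip any 10.10.30.0 255.255.255.0
"""

def _take_net(tokens):
    """Pop one address spec: 'any', 'host A.B.C.D' or 'network mask'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def audit_hub_acls(config, hub_net, client_nets):
    """Return (line, reason) for each 'permit ip' entry that is not hub -> client."""
    hub = ipaddress.ip_network(hub_net)
    clients = [ipaddress.ip_network(n) for n in client_nets]
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        tokens = line.split()
        # Only 'access-list <id> permit ip ...' entries are examined here.
        if tokens[:1] != ["access-list"] or tokens[2:4] != ["permit", "ip"]:
            continue
        rest = tokens[4:]
        try:
            src, dst = _take_net(rest), _take_net(rest)
        except (IndexError, ValueError):
            findings.append((line, "could not parse source/destination"))
            continue
        if any(src.overlaps(c) for c in clients):
            findings.append((line, "source overlaps a client subnet"))
        elif not src.subnet_of(hub):
            findings.append((line, "source is not inside the hub subnet"))
        elif not any(dst.subnet_of(c) for c in clients):
            findings.append((line, "destination is not a known client subnet"))
    return findings

if __name__ == "__main__":
    nets = ["10.10.20.0/24", "10.10.30.0/24"]
    for line, reason in audit_hub_acls(SAMPLE_CONFIG, "10.10.10.0/24", nets):
        print(f"{reason}: {line}")
```
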



Question has a verified solution.
