VPN Setup on Cisco 827 router/ PIX 506E firewall

It has been a long time since I have done any Cisco work and I am trying to set up VPN access to our corporate LAN for remote users who will be using the Cisco VPN software client.
I have a Cisco 837 DSL router (which has a static IP address from the ISP) connected to a Cisco PIX506E firewall which in turn is connected to the internal LAN. Both devices can support VPN and I have activated NAT on both to increase security. I have chosen the PIX device as the VPN endpoint (Easy VPN server), but the clients will have to connect to the outside interface of the DSL router. How do I get the VPN connection to the PIX from the router? I am thinking pass-through or port forwarding will be required on the router?
qseovic Asked:
nodisco Commented:
Hi there

I would allow the PIX to do the NATing from inside to public IP and turn off NAT on the router. The PIX will then have a public outside IP address and will now be your termination endpoint. You say you have configured NAT on both for increased security. To be honest, I don't see any real advantage in doing this from a security point of view. A properly configured PIX is a very secure firewall that will protect your network adequately, and adding NAT on your edge router won't help it a lot; it will just make for more complicated configuration.

Here is a link showing how to configure the PIX as the termination endpoint for a VPN client:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801e71c0.shtml

This link uses AES; replace this as necessary with your preferred encryption.

Hope this helps
0
 
nodisco Commented:
Hi gseovic

Thank you for the accept, but may I ask why the C grade? I gave you a detailed answer and you did not follow up with any further detail or questions.

Please read the help section on grading questions. C is the lowest you can give and generally indicates that you are not happy with the answer provided.
http://www.experts-exchange.com/help.jsp#hi73

Please advise if this was in error or if you used it for a reason. I see this is your first Q on EE.

0