Cisco PIX VPN over a second external connection

I have a pix 515 running 7.2(1)

I have a T1 and cable modem connection currently all users surf over the cable modem.

I would like to know if its possible to allow VPN users to connect over the T1? If so what special do I need to setup.

Thanks
LVL 1
citsloginAsked:
Who is Participating?
 
lrmooreConnect With a Mentor Commented:
Well . . . yes . .  and no..
The issue is that you apparently have the cable modem set as the default gateway.
You can have VPN users come in over the T1 to a separate interface on the PIX quite easily, except for the fact that the default path goes through the cable modem.
PIX-T1 interface has a different IP from T1 ISP - say 12.34.56.2
Client at home has IP address 24.222.22.22
Client tries to connect to 12.34.56.2
Request comes in through the T1
PIX has to respond back to 24.222.22.22
PIX looks in route table and only finds default to 63.44.55.6 - the cable route
PIX replies through the cable route
Client expecting reply from 12.34.56.2 but get reply from 63.44.55.6 and drops attempt to connect

The only way around this is to add specific static routes in the PIX for each remote client user:
 route t1_interface 24.222.22.22 255.255.255.255 12.34.56.1  <== to reply back to this client, go out the T1

What if users are all mobile (that's the idea mostly, anyway - right)? That's the problem..
As long as you can get the mostly stationary users' home IP's then  you can add appropriate routes to them. If they're all on the same cable vendor they should mostly have the same IP address range - 24.222.0.0 and you can add a static network route like that  pointing out the T1

0
 
citsloginAuthor Commented:
this is exactly what Im seeing.

Thanks alot.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.