Solved

Cisco PIX VPN over a second external connection

Posted on 2006-10-30
2
278 Views
Last Modified: 2013-11-16
I have a pix 515 running 7.2(1)

I have a T1 and cable modem connection currently all users surf over the cable modem.

I would like to know if its possible to allow VPN users to connect over the T1? If so what special do I need to setup.

Thanks
0
Comment
Question by:citslogin
2 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17838635
Well . . . yes . .  and no..
The issue is that you apparently have the cable modem set as the default gateway.
You can have VPN users come in over the T1 to a separate interface on the PIX quite easily, except for the fact that the default path goes through the cable modem.
PIX-T1 interface has a different IP from T1 ISP - say 12.34.56.2
Client at home has IP address 24.222.22.22
Client tries to connect to 12.34.56.2
Request comes in through the T1
PIX has to respond back to 24.222.22.22
PIX looks in route table and only finds default to 63.44.55.6 - the cable route
PIX replies through the cable route
Client expecting reply from 12.34.56.2 but get reply from 63.44.55.6 and drops attempt to connect

The only way around this is to add specific static routes in the PIX for each remote client user:
 route t1_interface 24.222.22.22 255.255.255.255 12.34.56.1  <== to reply back to this client, go out the T1

What if users are all mobile (that's the idea mostly, anyway - right)? That's the problem..
As long as you can get the mostly stationary users' home IP's then  you can add appropriate routes to them. If they're all on the same cable vendor they should mostly have the same IP address range - 24.222.0.0 and you can add a static network route like that  pointing out the T1

0
 
LVL 1

Author Comment

by:citslogin
ID: 17843489
this is exactly what Im seeing.

Thanks alot.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question