  • Status: Solved
  • Priority: Medium
  • Security: Public

Port forwarding over a VPN connection with a PIX 501

We have two PIX 501 firewalls connected at two different sites via VPN. I would like to know if it's possible to forward ports over the VPN, so when someone connects to the external address of site 2, the ports get forwarded to the internal address of a computer at site 1, through the VPN connection.  I can post the firewall configurations if needed.  

Thanks
OAC Technology
1 Solution
 
grblades Commented:
Why would you want to do that?
The whole point of the VPN is that all the computers can access each other using their internal IP addresses.
 
OAC Technology (Professional Nerds), Author Commented:
I've never understood why people ask why I want to do something a certain way. Do people give out points for that?

Software we use to remotely support client computers requires that connections be made to an IP on port 5500. If we have two computers running the software internally, we need to have two external IPs. Rather than purchasing a block of 5 for $10/month, I was curious if we could make use of the IP at our other office and forward it over the VPN.
 
grblades Commented:
The reason I asked why is because that is often the best way of getting people to explain the reason why they think they need to do what they are asking.

So the clients connect to your servers to establish the remote support connection?
You have two offices with a VPN between them. You want to allow in port 5500 at the other office, route it across the VPN to your office and then onto the 2nd computer?

In order to do this the firewall at the other office needs the functionality of being able to accept a connection and re-route it back out over the VPN. This functionality was introduced in version 7 of the PIX which unfortunately the 501 model cannot be upgraded to. The PIX at your office is fine being a 501.
 
OAC Technology (Professional Nerds), Author Commented:
Which router would you recommend upgrading to? Cost is a concern.

Thank you
 
grblades Commented:
An ASA5505 would probably be best as you currently have the PIX501 which is the base model. The 5505 is the base model as well but since it is newer it will still be a lot faster than the 501.
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html shows a comparison between the models.
 
OAC Technology (Professional Nerds), Author Commented:
Perfect, thank you!