  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 432

Can I establish VPN tunnels through both the inside and outside interfaces on a Cisco Pix firewall?

I currently operate an Internet-based WAN with fixed Pix-to-Pix VPN connections between sites. I am migrating to an MPLS-based WAN. While some sites will ditch the firewall and replace it with the MPLS router, others will move the outside interface of their firewall from the Internet router to the MPLS router. During the migration, my location will maintain a direct connection to the MPLS and a firewalled connection to the local Internet service.

My question is: When a remote firewall is moved from Internet to MPLS, can I establish a new tunnel via the inside interface of my Pix, while still maintaining other external VPN tunnels? This would mean, at my end, both encrypted and unencrypted traffic would use the same interface.
Asked by: andy_belton
1 Solution
 
RPPreacher Commented:
You are using a VPN tunnel through the MPLS?  Why?  MPLS is private.  You don't need a virtual private network (VPN) on a private network.

Anyway, migrating means that HQ should be a bridge between MPLS and IPSec networks.  Just remove from Pix and route as a normal route.
 
andy_belton Author Commented:
I have 2 zones within the MPLS, "private" and "Very private". I am in "Private" but I need to be able to provide admin and support to servers and wkstns in "Very private". Until all sites are on MPLS, the quickest solution would be to switch the VPN tunnel from the outside to the inside interface when a "Very private" site joins the MPLS. I don't need to know how to do it, just if it is possible. I don't want to spend time reconfiguring the firewall if it turns out that such a configuration will not be permitted by the Pix.
 
RPPreacher Commented:
I'm not sure I get what you mean.

I would recommend enabling IPSec on the very private workstations & server and leave the Pix out of it.
 
andy_belton Author Commented:
See attached diagram.

The top scenario shows what it is like now. The Private WAN has been created but all remote sites are supported using VPNs.

The lower scenario shows how I would like it to be after some sites have been transferred to the WAN. IT Support can access Private LAN A directly without any VPN. Very Private LAN B still has its own firewall in place but the outside of it is connected to the WAN. Is it possible for IT support to access Very Private LAN B by VPN from their local firewall, when the VPN is routed back through the same interface (Inside)?

Network-Now-and-during-transitio.jpg
 
RPPreacher Commented:
Won't work.
 
andy_belton Author Commented:
It wasn't what I wanted to hear, but it will save me the futile exercise of trying to configure it that way.

Thank you very much for the advice.