Solved

Adding an additional Cisco PIX to my network for site-to-site VPN's only.

Posted on 2011-09-30
6
281 Views
Last Modified: 2012-05-12
Below is a diagram of what my network currently looks like.  I've been tasked with adding an additional Pix that will be used for Site-to-Site VPNs only.  My problem is I don't know where to place the Pix on the network.  I don't have a DMZ switch or anything to plug the outside interface of the PIX into.  Is there any way to add this additional PIX without putting a switch between the Cisco 1700 Router and the main PIX.  Thanks.

     Network Diagram
0
Comment
Question by:denver218
6 Comments
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 167 total points
ID: 36891462
If the router doesn't have any additional ports I'm afraid you'll need a switch in between. Or you could set up the site to site on the asa already in place....
0
 
LVL 18

Assisted Solution

by:jmeggers
jmeggers earned 167 total points
ID: 36893384
Depending on interfaces, the only other option I can think of is to create a DMZ on the existing PIX and hang the new PIX off that DMZ.  But that certainly seems to get more complicated than necessary.

Is there a reason not to configure the VPN on the existing PIX?
0
 
LVL 2

Assisted Solution

by:dslam24
dslam24 earned 166 total points
ID: 36893779
This is kind of a fun one, here is an idea.
i'm not sure if it would work.  I might lab it up just to see :)

You could place your VPN PIX on your LAN with a private address on the OUTSIDE interface. On your main pix make a 1-to-1 NAT so your VPN pix can be accessed with a public address. Then in your main PIX on the outside interface ACL permit ip any to the VPN pix.

Basically your VPN pix would be configured just like you would if you had it in parallel to your main PIX except for the fact that you'd be using NAT to get to it.

Like I said i've never tried it so i'm not sure it will work but I have seen some scenarios that lead me to believe it will.

Hows that?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36894046
Depends on the pix version how good it is with vpn passthrough.
0
 
LVL 2

Expert Comment

by:dslam24
ID: 36894377
The more I think about it, the more I see no reason why it shouldn't work.

Here is a couple of examples using L2L VPN and PPTP/L2TP.

In fact I have done PPTP pass-through across a 5510 running 7.x going to a MS server, so not exactly the same but similar.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009486e.shtml#table2

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml

0
 
LVL 4

Author Closing Comment

by:denver218
ID: 36917575
Thanks.  The customer decided it was fine for me to create the VPN on the main PIX.  When I posted this question, the requirement was to use another pix for VPNs, but that changed.  dslam24 I do like your idea, and think I will try that on my network at my office just to see if it works.  I don't see why it wouldn't, I have actually done this with a sonicwall before, it just didn't come to mind until you mentioned it.  Thank you all for your comments.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question