How to create remote access vpn from different interfaces

Status
Not open for further replies.

bacilko1

Technical User
Dec 4, 2006
8
SK
Hello,

Please could you help me with this:

I have a PIX and I want to create VPN remote access from two different interfaces.
I have a public IP on the outside interface and I have a dynamic map on this interface. Everything is OK; I can use the VPN client and connect to our inside network.
What I want is to create similar VPN access from the dmz interface, but with the same IP address.

For example:

Outside: 2.2.2.2
Dmz: 192.168.0.1

And I want to connect from a host on the dmz network to the 2.2.2.2 interface with the VPN client.

Please, what do I have to do?
 
I'm a little unclear on what you want -
Are you trying to VPN from the DMZ to the Internet or to the external IP address of the PIX?

I have never attempted that but some of the principles from this link can be applied to your problem


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Hi supergrrover,

I have remote access from the Internet to our local network. The Internet is located on the outside interface.
I also have some dmz networks on the dmz interface.
I need to create similar remote access from the dmz interface.

So our users on the dmz network can use the same profile in the Cisco VPN Client (the same IP of the VPN endpoint).

Thank you.

 
Just like "supergrrover" I'm baffled about this one; it's not very clear what you want to do.

Are you trying to get your DMZ users to VPN to the outside interface of the firewall, and if that is what you want to do, what are you trying to gain?
 
OK, I think I got it. Unfortunately, I don't think it is possible. Just to be sure:
You want users in your DMZ to VPN to the PIX and get to the inside network(s), but by using the IP of the external interface (so you don't have to change the client profiles). Is this right?
You have to give them a separate profile that uses the PIX DMZ IP as the endpoint for the tunnel.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Yes, you are right, supergrrover!
It is exactly what I want.

I know that on PIX IOS there is a possibility to use the command:
crypto map mapname local-address interface

I think that this can be used for issues like this, but I can't find something similar on PIX :(

Thank you
and sorry for my English
 