
PIX DMZ - VPN Question

Status
Not open for further replies.

uucutech

MIS
Feb 5, 2003
30
US
Hello There,

I have a quick question that hopefully one of you experts will have an answer to ;)

I have a PIX 515 and have set up one of the interfaces on it for a wireless DMZ. Everything in this regard is working fine. People are able to connect to the WLAN and get out to the internet. I am restricting access to the inside interface of the PIX for security reasons. Here is my problem:

Users can VPN to the PIX from home just fine, but I would like them to be able to VPN through the wireless interface on the PIX to gain access to network resources on the internal network while connected to the WLAN. Is this even possible and does it make sense?

Let me know your thoughts.

Thanks in advance for any comments or suggestions,

Dustin
 
Are you saying you want an additional VPN termination to the DMZ interface for wireless users? If so, then yes it will work.


Which version OS? 6.x 7.x?

 
Add these lines

isakmp enable dmz
crypto map [map_name] interface dmz

Now just change the destination on the client config and you should be up and running.




Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Thanks for the replies!

NetworkGhost:

PIX OS v7.0

I just want people on the "wireless" DMZ to be able to VPN into the internal network through the PIX.

Supergrrover:

With your suggestion, if the name of the interface we are talking about is named "wireless" would the following be correct?:

isakmp enable wireless
crypto map [wireless_VPN] interface wireless

Thanks again for the info,

Dustin
 
Yep, that's it.
You basically set everything up just as if you were doing it to the outside interface but then sub in your other interface's name. You can use the same crypto map if all you have is remote access vpn. If you have a site-2-site, then I would create a whole new pair of isakmp and crypto map settings and apply them to the wireless interface.


Brent
Systems Engineer / Consultant
CCNP, CCSP
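
An added example, not part of the thread and not Cisco tooling: a Python check that reads a saved PIX 7.x configuration and reports which named interfaces carry both lines discussed above (`isakmp enable <interface>` and `crypto map <name> interface <interface>`), flagging any interface that has only one of them. The sample configuration, the map name `remote_vpn` and the function names are constructed for illustration; the `crypto isakmp enable` spelling is accepted in addition to the form used in the thread.

```python
import re

NAMEIF_RE = re.compile(r"^\s*nameif\s+(\S+)\s*$")
IKE_RE = re.compile(r"^(?:crypto\s+)?isakmp\s+enable\s+(\S+)\s*$")
MAP_RE = re.compile(r"^crypto\s+map\s+(\S+)\s+interface\s+(\S+)\s*$")

# Constructed sample (not from the thread): the map is bound to "wireless"
# but the matching "isakmp enable wireless" line is missing.
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
interface Ethernet1
 nameif inside
interface Ethernet2
 nameif wireless
crypto map remote_vpn interface outside
crypto map remote_vpn interface wireless
isakmp enable outside
"""

def vpn_termination(config_text):
    """Map each named interface to its IKE and crypto-map state."""
    state = {}
    def entry(name):
        return state.setdefault(name, {"ike": False, "crypto_map": None})
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := NAMEIF_RE.match(raw):
            entry(m.group(1))
        elif m := IKE_RE.match(line):
            entry(m.group(1))["ike"] = True
        elif m := MAP_RE.match(line):
            entry(m.group(2))["crypto_map"] = m.group(1)
    return state

def terminating(state):
    """Interfaces that have both lines and so accept VPN clients."""
    return sorted(n for n, s in state.items() if s["ike"] and s["crypto_map"])

def findings(state):
    """Interfaces where only one of the two lines is present."""
    out = []
    for name, s in sorted(state.items()):
        if s["ike"] and not s["crypto_map"]:
            out.append(f"{name}: isakmp enabled but no crypto map bound")
        elif s["crypto_map"] and not s["ike"]:
            out.append(f"{name}: crypto map {s['crypto_map']} bound but isakmp not enabled")
    return out

if __name__ == "__main__":
    st = vpn_termination(SAMPLE_CONFIG)
    print("terminating VPN on:", terminating(st))
    print("\n".join(findings(st)) or "no half-configured interfaces")
```

Running it against a configuration saved before and after the change also gives a quick record of every interface that accepts VPN connections, which is worth reviewing whenever a lower-trust segment such as a WLAN is added to that list.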
 