On a similar note, I'm trying to set up CiscoSecure for VPN connections
through the PIX and authenticated via TACACS+.  Most of the docs are related
to dial-up for this.  I want VPN via the internet.  I just want it to grab
from a pool of internal IPs and allow internal access.  Any clues you guys
can give me on what I need to be looking for here?  I keep finding VPDN &
PPP setup docs.

----- Original Message -----
From: "Christopher Larson" <[EMAIL PROTECTED]>
To: "'Liwanag, Manolito'" <[EMAIL PROTECTED]>; "'Cisco Group Study'"
<[EMAIL PROTECTED]>
Sent: Friday, January 26, 2001 12:08 PM
Subject: RE: VPN through ADSL


> The problem is not so much that the ISP is assigning an address to your DSL
> device through DHCP as the problem of letting the PIX get to the peer
> address (which will be the HOST inside, not the DSL device).
>
> Since you are using PAT the address from the host will likely always be the
> same so it should be o.k.
>
> If you did not know what the client's address would be each time because you
> were using NAT (as opposed to PAT) then you would want to use IKE MODE
> CONFIG on the PIX with a wildcard key, or dynamic list on the PIX with a
> wildcard key.
>
>
>
>
>
>
> -----Original Message-----
> From: Liwanag, Manolito [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 26, 2001 11:38 AM
> To: 'Cisco Group Study'
> Subject: VPN through ADSL
>
>
>
> I want one of our remote branches to access the internet via ADSL. The remote
> branch will have the Alcatel ADSL router that the ISP will provide as well
> as a Linksys router behind it for PAT and firewalling capabilities. I also
> want to place a Cisco VPN client at a workstation in the remote branch to
> connect to Corporate. Corporate has a PIX firewall with VPN capabilities.
>
> My question is - Since the ISP uses DHCP to lease addresses for the ADSL
> connection, will this affect my VPN connection?
>
> My Answer is - No since the branch workstation will be PATed anyway.
> Interesting traffic as defined by the VPN policy will allow packets to go
> through to the Corporate location.
>
> Can anyone verify if this train of thought is correct or is there a better
> way to do this?  Basically the remote branch needs to access a Unix server in
> corporate to be able to send a print job to the branch.
>
> Thank you in advance
>
> Rgds,
> Manolito
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
