Hi All, I am setting up a VPN to connect remote sites to a Head Office, the head office has a VPN 3000 Concentrator and a PIX 515 Firewall, As I understand it I can place the PIX in front/behind or in Parallel to the 3000 . I was wondering if anyone that has done this has any recommendations as to the best place for the PIX or any advantages/disadvantages of placement. I am thinking in front but I am unsure what repercussions this will have with regard to access across the VPN. I need all IP through the vpn tunnels for each site, so with the PIX in front I would be setting up a static to the outside interface of the 3000 and adding the following acl's Access-list 100 permit ah any vpn3k Access-list 100 permit esp any vpn3k Access-list 100 permit udp any vpn3k eq isakmp
Would I still need acl's on the PIX to allow all other IP from each site? Or should I place the PIX somewhere else. any advice appreciated. thanks Chris. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64383&t=64383 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
