I prefer to put them parallel (generally).

This is so you can control all decrypted traffic, and see what it is.

Symon

-----Original Message-----
From: Chris Penrose [mailto:[EMAIL PROTECTED]]
Sent: 04 March 2003 19:27
To: [EMAIL PROTECTED]
Subject: 3000 Concentrator behind/in front or parallel to PIX? [7:64383]


Hi All, I am setting up a VPN to connect remote sites to a Head Office.
The head office has a VPN 3000 Concentrator and a PIX 515 Firewall. As I
understand it, I can place the PIX in front/behind or in parallel to the
3000. I was wondering if anyone that has done this has any
recommendations as to the best place for the PIX, or any
advantages/disadvantages of placement. I am thinking in front, but I am
unsure what repercussions this will have with regard to access across
the VPN. I need all IP through the VPN tunnels for each site, so with
the PIX in front I would be setting up a static to the outside interface
of the 3000 and adding the following ACLs:

    access-list 100 permit ah any vpn3k
    access-list 100 permit esp any vpn3k
    access-list 100 permit udp any vpn3k eq isakmp

Would I still need ACLs on the PIX to allow all other IP from each
site? Or should I place the PIX somewhere else?

Any advice appreciated.

Thanks

Chris.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64400&t=64400
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html