Whether you use Private or Public really does not matter.
The provider will create a specific VPN just for you and this will not have
any effect on the global routing table of your provider.
And even if it did, the whole idea of public networks are address unique to
you on the public network so n
I don't think they should have a problem. The VRF should be created just for
you so there should be no conflict. I never used this service from any of my
providers so I cannot be certain. But as far as I'm concerned they shouldn't
even care what addressing you're using between the sites. They provi
Theoritically a VRF operation should allow you to do it. Think of it as
having a GRE tunnel between 2 sites, and you use an "overlapping public
range" across it, you can do it.
It may still depend on the provider, so check with them
rgds
Nick
Message Posted at:
http://www.groupstudy.com/form/r
Dear All,
We have some ip address that use internally,eg, 30.x or 40.x but it is not
in private address range. Can I still use this range when connect to the
IP-VPN provider that using MPLS technology? I know that MPLS can allow
overlapping of customer address by using VRF and RD. I wonder any tec
the office 3000 concentrator will route packets between each spoke
client (3002). Its sort of like a hub & spoke frame relay network in a
routing sense.
For implementation, just make sure the 3002 are passed routes
via their split tunneling network list on the the 3000 concentrator.
Or if your no
Hi guys,
I have a question that I hope somebody can help me out with...
I have a Cisco 3000 series VPN concentrator in one of our offices. Call it
office 'A'.
I have a Cisco 3002 VPN hardware client in office 'B'. The VPN between both
office works fantastic.
I also have a 3rd office with a Ci
Disabling split tunneling is being visited. As TJ has pointed out there are
several different reasons why it is/can be implemented in different
scenarios. This configuration was in place before I started. It is my job
to upgrade the concentrator at which time the security policies associated
wit
ault-deny policies/access-control, etc. etc.
Thanks!
TJ
-Original Message-
From: Mark W. Odette II [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 10:13 AM
To: [EMAIL PROTECTED]
Subject: RE: Cisco VPN Question [7:61148]
> Split tunneling has been enabled up until now.
Do
Kim Graham [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 5:57 AM
To: [EMAIL PROTECTED]
Subject: RE: Cisco VPN Question [7:61148]
Basically it performs as per stated. We have VPN users that come into
our
concentrator from all over North American and abroad. They have used a
variety of
Basically it performs as per stated. We have VPN users that come into our
concentrator from all over North American and abroad. They have used a
variety of cable, dsl, dial-up providers and for the most part do not have
any issues. Split tunnelling has been enabled up until now.
As for private
Just wondering... Does anybody know how reliable the Cisco VPN client is
with "split-tunneling" when paired with a Cisco 3005 concentrator. Is it
able to perform as advertised is almost every situation or does it have
problems with private networks and/or different service providers or cable
modems
The default route will work. When the packet reaches the PIX it will compare
the access-list. If it matches then it will look for the peer address and
send it to the peer.
regards
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59081&t=59043
-
Hi folks,
My set up as follows
Host A-(in)PixA(out)Internet---(out)PixB(in)HostB
I have a VPN using Ipsec between Pix A and Pix B.Do I need to have a Static
(inside,outside)to hostB for hostA to connect or Pix B would default route
the packet to hostb.
nat 0 access-list 80
access-li
;
> -Original Message-
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 19, 2002 8:10 PM
> To: [EMAIL PROTECTED]
> Subject: RE: PIX site-to-site VPN question... [7:57648]
>
>
> Edward Sohn wrote:
> >
> > Perfect...
> >
, 2002 8:10 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX site-to-site VPN question... [7:57648]
Edward Sohn wrote:
>
> Perfect...
>
> very interesting, indeed. I have long wondered about this scenario,
> and have wondered how companies are implementing their site-to-site
>
d
>
> -Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
> Behalf Of
> Mark W. Odette II
> Sent: Monday, November 18, 2002 9:19 PM
> To: [EMAIL PROTECTED]
> Subject: RE: PIX site-to-site VPN question... [7:57648]
>
>
> The only way that
] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mark W. Odette II
Sent: Tuesday, November 19, 2002 12:19 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX site-to-site VPN question... [7:57648]
The only way that you could put private addresses on the OUTSIDE
interface of the PIX (Site A), and still successfully set up
In-Line...
Perfect...
very interesting, indeed. I have long wondered about this scenario, and
have wondered how companies are implementing their site-to-site VPN's
over the internet. so you're saying (regarding your own roll out), that
your ISP assigned you two address spaces and routed your
ubject: RE: PIX site-to-site VPN question... [7:57648]
The only way that you could put private addresses on the OUTSIDE
interface of the PIX (Site A), and still successfully set up a Tunnel to
another PIX across the internet that is behind an edge router of your
own control (Site B), is to build
C1918 addresses. Site to Site
VPN's were established using the Public IP addresses on the "Outside"
interface of each PIX.
HTH's
Mark
-Original Message-
From: Edward Sohn [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 18, 2002 10:13 PM
To: [EMAIL PROTECTED]
Sub
November 18, 2002 7:38 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX site-to-site VPN question... [7:57648]
Yes,
He should use public on the outside link and then private on the inside
the setup would be much easier that way. NAT or PAT on a pix is so easy.
And I had a slight brain fart he can'
TECTED]; [EMAIL PROTECTED]
Subject: RE: PIX site-to-site VPN question... [7:57648]
You have to use the public ip addresses as I stated in my last email
private is non routeable on the net, though I have seen sprint route
private by mistake from time to time :)
But that is not what confused me, wha
May I also ask why you want to use private?
-Original Message-
From: Edward Sohn [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 18, 2002 10:50 PM
To: Elijah Savage III; [EMAIL PROTECTED]
Subject: RE: PIX site-to-site VPN question... [7:57648]
okay, i should have explained better
Savage III; [EMAIL PROTECTED]
Subject: RE: PIX site-to-site VPN question... [7:57648]
okay, i should have explained better...sorry
let's break my point down to a digestable limit...
at this point i want to know how to set up the site-to-site VPN tunnel
between the two PIX's, if i u
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Elijah Savage III
Sent: Monday, November 18, 2002 7:17 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX site-to-site VPN question... [7:57648]
Oh yeah with the limited address space the correct term I meant to use
is PAT not to confuse an
x
for the vpn tunnel. So of course if he used private there is no way site
A can talk to site B across the internet.
-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 18, 2002 10:27 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX site-to-site VPN que
Oppenheimer [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 18, 2002 9:27 PM
> To: [EMAIL PROTECTED]
> Subject: RE: PIX site-to-site VPN question... [7:57648]
>
>
> Brunner Joseph wrote:
> >
> > You should use private addressing behind the pix and use
&g
onday, November 18, 2002 9:27 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX site-to-site VPN question... [7:57648]
Brunner Joseph wrote:
>
> You should use private addressing behind the pix and use static's from
> the /29 to map to Servers, etc. behind the pix.
>
> Why would yo
, November 18, 2002 9:27 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX site-to-site VPN question... [7:57648]
Brunner Joseph wrote:
>
> You should use private addressing behind the pix and use static's from
> the /29 to map to Servers, etc. behind the pix.
>
> Why would you ever wan
Brunner Joseph wrote:
>
> You should use private addressing behind the pix and use
> static's from the /29 to map to Servers, etc. behind the pix.
>
> Why would you ever want to put public ip's behind a pix ?
> especially for a vpn ? Not cool. It makes it an easier target
> to spoof, as apposed t
You should use private addressing behind the pix and use static's from the
/29 to map to Servers, etc. behind the pix.
Why would you ever want to put public ip's behind a pix ? especially for a
vpn ? Not cool. It makes it an easier target to spoof, as apposed to RFC1918
addresses.
Answering your
Would someone mind explaining to me how addressing works on the outside
interface of a PIX in a site-to-site VPN configuration with edge routers
connected to the internet?
PIX1(outside)(e0)R1(e1)INTERNET--(e1)R2(e0)(outside)
PIX2
If I'm provided a /29 address by my ISP for PIX
Uncheck "Allow IPSec through NAT mode"
Make sure "client for Microsoft client" is checked
Yoshi
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Naomi James
Sent: Tuesday, July 09, 2002 8:43 PM
To: [EMAIL PROTECTED]
Subject: VPN Q
I have a 3015 concentrator. I am supposed to be able to use my cable modem
at home to connect to the Internet and then use my vpn client to connect to
my local network on my campus. I can connect with my vpn client, but I can
not map any drives on my local network on my campus. I have tried LMH
I think you can do it in 2 ways:
1) using dynamic crypto map. Here is a link which
describe how to set up it !!!
http://www.cisco.com/warp/public/707/ios_804.html
2) If u have public ip addresses say on ur ethernet
side or a pool assigned to by ISP. U can use that on
either on ethernet or loopbac
I found another link http://www.cisco.com/warp/customer/707/ios_804.html
that shows router-to-router with a DHCP address. Combining the documents,
it seems like this will work. I'll post the conclusion once I've tested it.
A great big thanks to all who responded.
Craig
At 05:25 PM 4/22/2002
ECTED]
~Subject: PIX to Router VPN Question [7:42262]
~
~
~Is it possible to setup a router to PIX VPN when the router is
~obtaining a
~dynamic WAN interface address (in this case ISDN dial-up)?
~If so, has anyone done this? How do you define the peer when
~you don't
~know the peer address? Is i
Ok, I found this link
http://www.cisco.com/warp/customer/110/dynamicpix.html for PIX-PIX when one
of the PIX has a DHCP address. Does anyone know whether this same setup
will work for router-PIX? (I'm going to test later, but if someone can
save me a headache, it's certainly appreciated.
Tha
Of
Craig Columbus
Sent: Monday, April 22, 2002 3:46 PM
To: [EMAIL PROTECTED]
Subject: PIX to Router VPN Question [7:42262]
Is it possible to setup a router to PIX VPN when the router is obtaining a
dynamic WAN interface address (in this case ISDN dial-up)?
If so, has anyone done this? How do you
Is it possible to setup a router to PIX VPN when the router is obtaining a
dynamic WAN interface address (in this case ISDN dial-up)?
If so, has anyone done this? How do you define the peer when you don't
know the peer address? Is it possible to allow any host to create a tunnel
provided that
the client.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Marshal Schoener
Sent: Wednesday, November 07, 2001 1:41 PM
To: [EMAIL PROTECTED]
Subject: VPN Question [7:25593]
Quick VPN question for you guys :-)
I have a central site with a VPN3000 Concentrator.
oo.com> cc:
> [EMAIL PROTECTED]
> Sent by: Subject: tough VPN
> question
>
cc:
[EMAIL PROTECTED]
Sent by: Subject: tough VPN
question
nobody@groups
tudy.com
You will be terminating your VPN tunnels on end devices such as firewalls or
routers. The encryption performance has more to do with your equipment than
it does the provider. The carrier just sees routable packets with ip
addresses. I would concentrate on having beefy enough hardware to carry the
Hey guys,
My company is using point-to-point frame-relay (64k CIR) between an office
in NY, and an office in Malaysia (Other side of the world).
All of the Malaysian Internet access and email comes through NY first and
then out to the Internet. It is costing us around 5k/month.
We put some voice
Hello,
I'm afraid I'm clueless about VPN's other than basic traversing of
rfc1918 IPs over a public network. What Im wondering is that my cable
connection to the internet is handled by a cisco2610. On the other side of my
work is an Intel Netsructure VPN gateway use 3des as their encrypti
Fax: (604) 232-8899
Direct: (604) 232-8815
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sam
Sent: Tuesday, May 29, 2001 3:08 PM
To: [EMAIL PROTECTED]
Subject: VPN Question [7:6307]
Is it possible to set up a site-to-site VPN between a PIX
Is it possible to set up a site-to-site VPN between a PIX and a 1700 router?
Our office uses a PIX firewall and we would like to connect a remote office
that uses a 1700 router. Cost is a primary concern.
Thanks
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6307&t=6307
ary 22, 2001 2:49 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Still doesn't work: tough VPN question
>
>
> Are you sure the PDC has a route back to the VPN client?
>
> "Justin Menga" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[
PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Still doesn't work: tough VPN question
>
>
> Hello,
>
> Thank you guys for the help. Unfortunately, I tried to
> put LMHOST file, still doesn't work. We use WINS and I
> can ping
Guess I should have looked first... sorry guys I found out what I need I =
think.
-- Kevin
- Original Message -=20
From: Kevin Welch=20
To: [EMAIL PROTECTED]=20
Sent: Thursday, January 11, 2001 11:53 PM
Subject: IPSEC VPN question
What measures does ipsec use to deal with
What measures does ipsec use to deal with man in the middle attacks?
-- Kevin
_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Hello,
Thanks a lot for all the info, you guys are great!!!
Problem is solved by doing:
1. Use PIX internal ip address as match address
2. Create nonat for traffic to central router
I have 2 more questions (sorry, couldn't find answer)
1. How do I do redundancy between branch office (2
PIXs) an
Are you using overload and port address translation with the working config? I
undertsnad the issue to be with the VPNs ability to utilize layer-4
translations. I think the VPN will succeed with a singular address-based
translation.
Curtis
Jim Bond <[EMAIL PROTECTED]> wrote:
Hello,
Let me re-
lto:[EMAIL PROTECTED]]
Sent: Monday, December 11, 2000 12:18 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: last try: tough VPN question
Hello,
Let me re-describe the situation:
Central office 7100 router, site office PIX (NAT
overload 1 public ip address), IPSec tunnel is
establised,
ts is supported (though I could be wrong on that).
Have you tried the LMHOSTS approach?
Scott
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jim Bond
Sent: Sunday, December 10, 2000 6:18 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: last try: t
Hello,
Let me re-describe the situation:
Central office 7100 router, site office PIX (NAT
overload 1 public ip address), IPSec tunnel is
establised, clients at site office can't logon NT
domain but can do everthing else.
Today, I replaced the PIX with a 3620 router (same
IPSec setup), everythin
riday, December 08, 2000 6:30 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Still doesn't work: tough VPN question
Hello,
Thank you guys for the help. Unfortunately, I tried to
put LMHOST file, still doesn't work. We use WINS and I
can ping domain controller
D]]On Behalf Of
Travis Gamble
Sent: December 7, 2000 9:05 PM
To: Jim Bond; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: tough VPN question
One thing I've noticed is that Windows tries to cache passwords. When they
first turn on their computer, they aren't generally connected to t
wick" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: Still doesn't work: tough VPN question
>Date: Fri, 08 Dec 2000 17:56:25 -
>
>How about getting a test machine and running nbtstats to test the WINS
>resolution?
>
> >>>Brian
>
>
>
I beg to disagree with you. I can certainly telnet, ftp and ping to any
NETBios name on my network.
-Original Message-
From: Benjamin Walling [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 08, 2000 9:21 AM
To: [EMAIL PROTECTED]
Subject: Re: Still doesn't work: tough VPN que
esn't work: tough VPN question
Name resolution is exactly what WINS does! It maps Netbios names to IP
addresses. Windows clients resolve names to IP addresses using a number of
criterion, and depending on what kind of node they are (H;B;P;M)the order
that they search services and files dif
How about getting a test machine and running nbtstats to test the WINS
resolution?
>>>Brian
>From: "Benjamin Walling" <[EMAIL PROTECTED]>
>Reply-To: "Benjamin Walling" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: Still doesn
ge
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I beg to disagree with you. I can certainly telnet, ftp and ping to any
> NETBios name on my network.
>
>
>
> -Original Message-
> From: Benjamin Walling [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 08,
ED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Still doesn't work: tough VPN question
Hello,
Thank you guys for the help. Unfortunately, I tried to
put LMHOST file, still doesn't work. We use WINS and I
can ping domain controller using name so I don't think
it's naming issue.
-
From: Benjamin Walling [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 08, 2000 12:21 PM
To: [EMAIL PROTECTED]
Subject: Re: Still doesn't work: tough VPN question
Yes, WINS resolves NetBIOS names to IP addresses, but only for Windows
networking functions. It is not used for ping, ftp, t
> The way you have written makes it sound as if I did not have DNS and I
> did a ping, telnet, or ftp by name that it would not work, and that is
> not the case.
That is not what I intended. If you do a ping, it is not a test of whether
WINS is working because there are other ways to resolve a n
ROTECTED]]
> Sent: Friday, December 08, 2000 9:21 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Still doesn't work: tough VPN question
>
>
> Yes, WINS resolves NetBIOS names to IP addresses, but only for Windows
> networking functions. It is not used for ping, ftp, telnet, etc. It is
min Walling'; [EMAIL PROTECTED]
Subject:RE: Still doesn't work: tough VPN question
I beg to disagree with you. I can certainly telnet, ftp and ping to any
NETBios name on my network.
-Original Message-
From: Benjamin Walling [mailto:[EMAIL PROTECTED]]
Sent: Friday, Decemb
Jim, here is a link to an MS KB article outlining the requirements for
domain traffic over a firewall. Open these ports on the firewall to pass
the domain traffic.
Here's what happens: a client comes up and broadcasts for an available DC.
This also happens over TCP/IP, even if TCP/IP is the on
gt;From: "Benjamin Walling" <[EMAIL PROTECTED]>
> >Reply-To: "Benjamin Walling" <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Re: Still doesn't work: tough VPN question
> >Date: Fri, 8 Dec 2000 08:27:04 -0500
> >
>
.
> >
> > In LMHOSTS. :
> >
> > (ip address) (Netbios name) #PRE #DOM:(domain name
> > if domain controller)
> >
> > Also, to refresh without rebooting the PCs, "nbtstat
> > -R"
> >
> > Hope this helps!
> >
> > Scott
> >
> >
#PRE #DOM:(domain name
> if domain controller)
>
> Also, to refresh without rebooting the PCs, "nbtstat
> -R"
>
> Hope this helps!
>
> Scott
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Jim Bond
&g
Altiga VPN Client works with Pix 5.2
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sam Munzani
Sent: December 7, 2000 4:38 PM
To: Manishkumar Patel; Scott Morris; Jim Bond; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [RE: tough VPN question
From: "Jim Bond" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, December 07, 2000 1:18 AM
Subject: tough VPN question
> Hello,
>
> I'm trying to set up a IPSec between a PIX (branch
> office) and router (central o
-R"
> >
> > Hope this helps!
> >
> > Scott
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Jim Bond
> > Sent: Thursday, December 07, 2000 1:19 AM
> > To: [EMAIL PROTECTED]
&g
To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: tough VPN question
>
>
> Hello,
>
> I'm trying to set up a IPSec between a PIX (branch
> office) and router (central office). All PCs at branch
> office share 1 ip address. IPSec seems to be working
> fine beca
g the PCs, "nbtstat -R"
>
> Hope this helps!
>
> Scott
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Jim Bond
> Sent: Thursday, December 07, 2000 1:19 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
>
ED]>
To: "Jim Bond" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, December 07, 2000 5:54 AM
Subject: Re: tough VPN question
> You are not NAT'ing the clients to the Domain Controller are you? I think
> you are by the fa
-Original Message-
From: Jim Bond [mailto:[EMAIL PROTECTED]]
Sent: ??? ? 07 ? 2000 08:19
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: tough VPN question
Hello,
I'm trying to set up a IPSec between a PIX (branch
office) and router (central office). All PCs at branch
office share
9 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: tough VPN question
Hello,
I'm trying to set up a IPSec between a PIX (branch
office) and router (central office). All PCs at branch
office share 1 ip address. IPSec seems to be working
fine because clients can ping/telnet/email/map drives
fr
manually map drives
without the use of the browser service.
-Original Message-
From: Jim Bond [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 06, 2000 11:19 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: tough VPN question
Hello,
I'm trying to set up a IPSec between a PIX (b
rk (Canada)
Email: [EMAIL PROTECTED]
- Original Message -
From: "Jim Bond" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, December 07, 2000 1:18 AM
Subject: tough VPN question
> Hello,
>
> I'm trying to set u
Jim,
Make sure that your Pix is allowing the NBT. If not open a port for it.
Also, if you are not using WINS, configure an ip helper address.
Jim Bond wrote:
> Hello,
>
> I'm trying to set up a IPSec between a PIX (branch
> office) and router (central office). All PCs at branch
> office share 1
CCIE # 5185
- Original Message -
From: "Jim Bond" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, December 06, 2000 10:18 PM
Subject: tough VPN question
> Hello,
>
> I'm trying to set up a IPSec between a P
Message-
From: Jim Bond [mailto:[EMAIL PROTECTED]]
Sent: ??? ? 07 ? 2000 08:19
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: tough VPN question
Hello,
I'm trying to set up a IPSec between a PIX (branch
office) and router (central office). All PCs at branch
office share 1 ip ad
Did you try an LMHOST file to specify the name and IP address of the domain
controller?
Robert
Original Message Follows
From: Jim Bond <[EMAIL PROTECTED]>
Reply-To: Jim Bond <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: tough VPN question
Hello,
I'm trying to set up a IPSec between a PIX (branch
office) and router (central office). All PCs at branch
office share 1 ip address. IPSec seems to be working
fine because clients can ping/telnet/email/map drives
from/to central office. The problem is they can't
logon NT domain. They can p
gHi!
My company is in need of implementin a VPN between it's two sites. Since i'm
new on this area, I would like some recommendations on on Cisco VPN products
and a site where i could find specs for those products.
Thank you in advance.
Ricardo DaSilveira
CCNA,MCSE
Hi Ricardo,
You can use a PIX-to-PIX VPN with 3DES encryption ... works great!!
HTH,
""Ricardo DaSilveira"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> gHi!
> My company is in need of implementin a VPN between it's two sites. Since
i'm
> new on this area,
Can I use local authentication for "crypto map" on my PIX VPN
solution?
I thought I could until I got to:
crypto map my_named_map client authentication (and realized this last
argument can only be TACACS+ or RADIUS)
and if not, does that mean I have to buy a RADIUS product or this PIX i
I have 2 Catalyst 2900XL and I want to put FastEthernet 0/1 of each Switch
in VPN 10. ?
How can I do it ?
I do it in the same Switch , but now I want to do it in 2 switchs.
Thanks
___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ,
Can you use ip unnumbered on a serial interface that will be used as a
tunnel..
interface Tunnel1
ip address 172.24.3.6 255.255.255.0
tunnel source Serial0.1< OR U have To specify IP
tunnel destination 87.135.224.22
interface Serial0
description To Corporate Office
no ip
What is the best way of doing VPN with two remote offices. What is the
equipment i can use. I'm planning on doing VPN with PIX515 and 1601. Is this
a good solution?
Thanks
- Original Message -
From: Ole Drews Jensen <[EMAIL PROTECTED]>
To: 'Chuck Larrieu' <[EMAIL PROTECTED]>; Ole Dr
94 matches
Mail list logo