Re: PIX-VPN question.

From: Todd Veillette (tveillette@myeastern.com)
Date: Wed Oct 13 2004 - 23:42:47 GMT-3

• Next message: Scott Morris: "RE: vrrp and glbp"
• Previous message: John Matus: "Re: vrrp and glbp"
• Maybe in reply to: Casey Paul (IE): "PIX-VPN question."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Yes,

You can set up dotQ trunk and have your current and the new routable on
different vlans, same physical interface.
You can then run different acls to different nat 0 groups (or use the same
acl) to separate the same inside network go thru different
gateways for VPN based on destination and route. Now if you have
non-routable dmz you also need to VPN through one of the outsides
you then will have to use different nat 0's.

Be sure to route not only the inside nets, but also the outside peer thru
the correct interface.

-TV

----- Original Message -----
From: "Casey Paul (IE)" <Paul.Casey@o2.com>
To: <ccielab@groupstudy.com>
Sent: Wednesday, October 13, 2004 7:51 AM
Subject: PIX-VPN question.

> Hi,
>
> Can I force a PIX to source a vpn tunnel on diffent interface other that
> the crypto identify interface. i.e can I create loopback int etc...and
> use this a the crypto source or something similar.. ? The VPN's crypto
> source address is the outside interface which is a private address and I
> dont want to source it off this.
>
> thoughts ?
>
> thanks
> /.P
>
>
>
>
>
> ****************************************************************************************
> Please note as of 31st March 2004 we will not be accepting any email to
> Digifone.com addresses. From this date please send all emails to O2.com.
> This E-mail is from O2. The E-mail and any files
> transmitted with it are confidential and may also be privileged and
> intended
> solely for the use of the individual or entity to whom they are addressed.
> Any unauthorised direct or indirect dissemination, distribution or copying
> of this message and any attachments is strictly prohibited. If you have
> received the E-mail in error please notify postmaster@O2.com or
> telephone ++ 353 1 6095000.
>
> *****************************************************************************************
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Scott Morris: "RE: vrrp and glbp"
• Previous message: John Matus: "Re: vrrp and glbp"
• Maybe in reply to: Casey Paul (IE): "PIX-VPN question."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:47 GMT-3