Mark,
Your e-mail is a little lite on details so I give you a few generic tips.
1. Your VPN will need UDP port 500 traffic for the ISAKMP key exchange as well as protocol 50 (ESP) traffic for the actual encrypted tunnel.
2. You will need ISAKMP and ESP open both ways through the PIX.
3. You will probably have problems if you are trying to NAT the traffic at the PIX.
4. This is an incredibly BAD idea from a security standpoint. Your user's PC is probably not locked down very well and with this VPN basically bypasses all of your security measures between the PC and the Internet. What I usually do in situations like this is establish a VPN connection from a VPN device in the DMZ to the other firewall and then I can filter the traffic through my firewall.
Regards,
Jeffery Gieser
- Vpn from internal network Johnston Mark
- Re: Vpn from internal network Jeffery . Gieser
- Re: Vpn from internal network Jose Nazario
- RE: Vpn from internal network Johnston Mark
- RE: Vpn from internal network Jeffery . Gieser
