IPSEC VPN Question

  • From: "Paul Crisp" <PCrisp@xxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 12 Apr 2005 11:20:57 +0100

Ok, can someone please help me?

I know how to establish a site-2-site IPSEC VPN between an ISA 2004
Server and Cisco PIX and have successfully done this and it works fine.
My problem is this; some background information may help here.

We have three sites that are all inter-connected via leased line
connections:

Lower Marsh, London             - 192.1.2.x /24
Worcester Park, Surrey          - 192.1.1.x /24
Westminster Bridge Road, London - 192.1.5.x /24

There are internet connections in Lower Marsh and Worcester Park and we
run ISA 2004 SE Servers in both of those locations and the way we have
set things up is that Worcester Park internet traffic goes out via the
Worcester Park ISA 2004 firewall and Lower Marsh & Westminster Bridge
Road internet traffic goes out via the Lower Marsh firewall.

The internal 'LAT' (I know, Tom, it is not a LAT, but somehow it seems
simpler to explain) contains all of the above IP ranges on both ISA 2004 servers
and our internal Cisco routers use EIGRP to allow us to failover
internal systems.

Now we are trying to set up IPSEC VPN connections to a third party based
in Houston and the only information about their network I have is that
they are running a Cisco PIX. As I have already said above we have
successfully managed to create a connection between the Lower Marsh site
and the third party and this connection works fine.

Now we also want to set up another IPSEC VPN connection from the
Worcester Park site to the third party but obviously because the
Worcester Park and Lower Marsh 'LAT' contains the same IP address ranges
the IPSEC VPN will not establish as it needs to have unique ranges. My
question is: does anyone know whether this can be achieved at all, even
if the third party was to buy in more equipment?

My first guess was for them to purchase a Cisco VPN Concentrator and
then another Cisco PIX, and this would enable the Cisco PIXes to be the
tunnel endpoints and thus my Lower Marsh site would connect to one and
my Worcester Park site would connect to the other and this would get
around the IP uniqueness. Can anyone confirm or deny?

Please can someone help me on this, as the third party is not being very
helpful.

Regards

Paul Crisp
Snr Network Support Analyst
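
The uniqueness problem described in the message above can be checked mechanically. The following is an added example, not part of the original post: it compares the local address ranges of two tunnels toward the same peer and lists every range that both would offer. The gateway labels and the `SPLIT_BY_EGRESS` plan are assumptions that follow the internet egress arrangement in the post; the post does not say whether the ISA 2004 configuration could be split this way.

```python
import ipaddress
from itertools import combinations

# Address ranges from the post; each "x /24" is written as a /24 network.
SITES = {
    "Lower Marsh": "192.1.2.0/24",
    "Worcester Park": "192.1.1.0/24",
    "Westminster Bridge Road": "192.1.5.0/24",
}

def nets(names):
    """Turn site names into ip_network objects."""
    return [ipaddress.ip_network(SITES[n]) for n in names]

def overlapping_selectors(tunnels):
    """Return (gateway_a, gateway_b, shared_range) for every pair of
    tunnels whose local ranges overlap."""
    clashes = []
    for (gw_a, nets_a), (gw_b, nets_b) in combinations(tunnels.items(), 2):
        for a in nets_a:
            for b in nets_b:
                if a.overlaps(b):
                    # Report the more specific of the two overlapping ranges.
                    shared = a if a.prefixlen >= b.prefixlen else b
                    clashes.append((gw_a, gw_b, str(shared)))
    return clashes

# As described in the post: both ISA servers list all three ranges as internal.
AS_DESCRIBED = {
    "ISA Lower Marsh": nets(SITES),
    "ISA Worcester Park": nets(SITES),
}

# Assumption (hypothetical plan): each tunnel carries only the sites whose
# internet traffic already leaves through that firewall.
SPLIT_BY_EGRESS = {
    "ISA Lower Marsh": nets(["Lower Marsh", "Westminster Bridge Road"]),
    "ISA Worcester Park": nets(["Worcester Park"]),
}

if __name__ == "__main__":
    for label, plan in (("as described", AS_DESCRIBED),
                        ("split by egress", SPLIT_BY_EGRESS)):
        clashes = overlapping_selectors(plan)
        print(f"{label}: {len(clashes)} overlapping range(s)")
        for gw_a, gw_b, shared in clashes:
            print(f"  {shared} offered by both {gw_a} and {gw_b}")
```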
