I spent most of Friday afternoon trying to work out why I couldn't get a VPN connection working to a new PIX firewall behind our business hub and then saw the post on the latest firmware having broken some VPN connections. To make sure I've got this right can anyone confirm -
1) What ports need to be opened to use an IPSEC Cisco VPN server behind the business hub?
(my homehub has this setup as an option in the firewall but for some reason the business hub only has PPTP. I've opened ports 500 and 4500 but cannot connect)
2) The 2-wire website states that the 2700 blocks the IP protocols necessary to use an IPSEC VPN even when the firewall is configured correctly - is this correct?
3) Has the latest firmware broken any chance of getting the PIX functioning correctly? (BT Tech Support didn't seem to know about this)
Thanks for any help anyone can provide. Just as an aside - I've proven I can connect to the outside port of the PIX firewall from inside the business hub firewall so it's definitely the business hub that's blocking things.
Roger.
Hi A-hill
It was frontline support. They tried a couple of times to put me through to ethernet support but couldn't get an answer. The guy I spoke to in the afternoon was extremely helpful - it was just he was being given the incorrect info.
Thanks again for your help
Roger.
We use an ASA5510 as our firewall & VPN gateway and we spent so much time trying to get the business hub 5 to allow IPSec and SSL VPNs through reliably that we took the following action:-
1. Order a single fixed IP address from BT. The 5 or 13 usable addresses only work correctly with the BT hub and you can do a lot with NAT and port filtering in the ASA if you don't really need multiple addresses.
2. Buy a Vigor 130 VDSL modem. It usually needs no setup.
3. Connect the Vigor to the Infinity broadband filter and the ethernet port to the ASA "outside" interface.
4. Program the ASA "outside" interface for PPPoE with the BT username and password and it will pick up your single fixed address and the DNS servers etc.
The Business Hub 5 is a decent wireless access point which this solution doesn't provide, but there are wireless access devices available for £20.00 and up which also offer the advantage that they are behind the company firewall.
Your VPNs now work fine in both directions and we run a 4 channel SIP trunk with no problems. We also tested this setup using Juniper and Netgear firewalls in PPPoE mode without problems.
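For reference, a sketch of what the final step of the post above looks like on the ASA, so that the public address (and with it IKE on UDP 500, NAT-T on UDP 4500 and ESP) terminates on the firewall itself rather than behind the hub's NAT. This is an added example, not the poster's configuration; the group name `BT`, the interface `Ethernet0/0`, CHAP authentication and the `BT_USERNAME` / `BT_PASSWORD` placeholders are assumptions.

```cisco
! Added example: ASA "outside" interface as a PPPoE client.
! BT_USERNAME / BT_PASSWORD are placeholders for the ISP credentials.
! The group name BT, Ethernet0/0 and CHAP are assumptions, not from the post.
vpdn group BT request dialout pppoe
vpdn group BT localname BT_USERNAME
vpdn group BT ppp authentication chap
vpdn username BT_USERNAME password BT_PASSWORD
!
interface Ethernet0/0
 nameif outside
 security-level 0
 pppoe client vpdn group BT
 ! "setroute" installs the default route learned from the PPPoE session
 ip address pppoe setroute
!
! Verify the session state and the address the ISP assigned
show vpdn session pppoe state
show ip address outside pppoe
```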