[nsp] PIX 501 + dec traffic
Eric Pylko
eric at infinitenetworks.us
Tue Jun 22 21:29:54 EDT 2004
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Rainer Borromeo
> Sent: Tuesday, June 22, 2004 5:00 PM
> To: ronen at conticomp.com; cisco-nsp at puck.nether.net
> Subject: Re: [nsp] PIX 501 + dec traffic
>
> Do you have a config you can share? Did you run GRE to pass the decnet
> traffic? The VMS system will be phased out within the year and I was
> looking
> to purchase the most cost effective solution that will accomplish passing
> decnet in the short term but will primarily only pass IP traffic long
term.
>
You have to have a router that can do GRE and DECNet. Cisco's Feature
Navigator says DECNet IV is GD in 12.2(24a) which appears to be for the
25xx, 26xx, 36xx, 7100, 7200, and 7500. You'll probably need either the
Desktop, IP/IPX/AT/DEC, or Enterprise feature set.
You'll only need one ethernet interface on the router. Your config would
look something like this:
hostname r1
decnet routing 1.1
interface ethernet 0
ip address 1.2.3.4 255.255.255.0
decnet cost 1
interface tunnel 0
tunnel source 1.2.3.4
tunnel destination 5.6.7.8
decnet cost 2
hostname r2
decnet routing 3.3
interface ethernet 0
ip address 5.6.7.8 255.255.255.0
decnet cost 3
interface tunnel 0
tunnel source 5.6.7.8
tunnel destination 1.2.3.4
decnet cost 2
That's from memory, but I think it is correct. Of course, adjust the IP
addressing and DECNet addressing to your sites. You don't need to have an
IP address on the tunnel interface, but you could put one on there for
troubleshooting purposes.
As long as your PIX is set to encrypt the correct traffic (probably is by
default), you should be all set.
-Eric
> ----- Original Message -----
> From: "Ronen Isaac-lists" <lists at conticomp.com>
> To: "'Rainer Borromeo'" <rain at support.temark.com>;
> <cisco-nsp at puck.nether.net>
> Sent: Tuesday, June 22, 2004 1:30 PM
> Subject: RE: [nsp] PIX 501 + dec traffic
> > Hi Rainer,
> > We setup one of these networks for one of our customers last month and
> > everything worked great. They are now retrieving data from an Alpha
> > running VMS over a 3DES VPN tunnel created by 2 PIX 515s. Since the PIX
> > 501 and 515 I think that VPN would be a viable and low cost option.
> >
> > I hope this little bit of insight helps.
> >
> > Kind regards,
> > Ronen Isaac
> > Continental Computers
> > 310/416-1200
> > 310/350-8456:cell
> > 310/416-1443:fax
> > ronen at conticomp.com
> > www.conticomp.com
> > AOL IM: ccro02
> >
> >
More information about the cisco-nsp
mailing list