I am going through setting up VPNs. I have a security question thou. I have a 3660 and PIX. The 3660 is my outside router which is connected to the outside interface.
I NAT from the instead to another range between the PIX and 3660 and then NAT again from the 3660 to internet addresses.
I have this question - which is better to let the PIX outside interface have a internet IP therefore allowing VPN connection to the PIX or getting VPNs to connect to the 3660?
Is there a way to connect to the 3660 then pass it through to the PIX for auth ??
Which is the higher security risk? Would it be better to have a VPN accellorator in either and which one has the better VPN security with these cards. The PIX is a 520.
Thanks for any pointers