Sort of complicated designing task I got. Please have a look at following scenario of mine.
Problem: How to configure 2 leased line on Cisco 515E PIX
Description: In my environment I have
-1 Cisco 1841 router with WIC2-T card.
-1 Cisco 515E PIX
- 1 leased line is already configured and used for VPN access and for internet
Proposed Scenario Need to configure additional leased line to divert HTTP/Internet traffic on new line. Existing VPN will remain on existing link.
Conclusion after Googling:
- I need 6.3.3 version os in my PIX
- Policy based NATing will be used
Doubts After upgrading os will I be able to use Policy based NAT feature for sure? Any1 tried this before? Or shall I purchase additional ethernet card for PIX?
I have configured Public WAN IP on router as usual. And configured fa 0/1 int and connected cable to PIX's 3rd port. Havent configured PIX's 3rd ethernet which is reserved for DMZ. But we are not using DMZ.
Any hints, clues on this ?
Would be glad if you can give an example of Policy based NATing.
Goal is to configure new link in such a way that all HTTP traffic will go through this new line while existing VPN will remain as it is.
PIX Firewall Version 6.3(2) introduces Policy Network Address Translation (NAT). Policy NAT allows you to identify both the source and destination addresses in an access list when specifying the local traffic to translate. This feature lets you use different global addresses for each source and destination pair on an interface, even if the source address is the same for each pair. Without policy NAT, you can only specify a single global address for a given source address, because the destination address is not considered. To configure policy NAT, use either the static or nat commands.
Refer the following url for more info on policy NAT:
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :