New to the VPN side of things. I have a PIX 515E which, going outwards, connects to a C3660 unit and then to the internet. I want to connect remote clients through VPN to the inside network. Now I understand I have to give the PIX an internet IP. So my question is: is it safer to use a logical interface for this rather than the physical one, thus separating the traffic? What's the safest way? Or can I let it connect to the C3660 and pass it on?
Yep, I have loads - well, enough ;) I was wondering if it's more secure to have a separate one, especially due to the access-lists etc. The way it's set up is it's a NAT'ed address range from the PIX to the router, and then NAT'ed to a public IP in the router.
I'm rereading the VPN setup info from the manual. I'm getting a bit confused on access-lists.
It talks about crypto access-lists for static maps (which I assume is really only for LAN-to-LAN traffic). I'm unsure about dynamic maps though. How is it linked to which traffic to let through and which not to? The Cisco examples are really poor.
I also have a problem with the authorization-server-group in the tunnel-group. It says "ERROR: Only "LOCAL", "radius" and "ldap" protocols are supported for WebVPN authorization." Yet this group is for IPSec not WebVPN??