We are in the process of moving away from the current firewall/VPN solution to a PIX/3000 Concentrator solution. We have approximately 120 vpn users that connect back to our headquarters using VPN software...no LAN-TO-LAN connections.
We do NAT for all internal address's to the internet. Our current firewall NAT's the incomming tunnels to out internal network. Our internal address scheme is a class A address but with a class C subnet.
The problem i have here is that with the 3000 concentrator works with address pools to distribute out addresses to all VPN connections. We do not have enough internal addresses to handle all the VPN connections also.
My question is...
1. Can the concentrator be setup to route an address pool with a different subnet to the internal network?
2. Can I NAT the incomming tunnels to out internal network?
I have asked these questions to my Rep but have yet to hear back. I was wondering if anyone in the group would be able to answer this.
I would love to go with these concentrators but I won't be able to unless I can resolve this problem. I don't have the option at this time to make the switch in the address scheme.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :