We currently have a PIX 501 at a client site. Everything is working great for the internal services that are required by remote users (smtp, www, etc..)
We have configured the VPN to use a local user db for authentication with the MS VPN client. We require the ability of the VPN users to access the internet via the VPN to the office network.
What is the best way to allow this to work correctly and most importantly securely.
Also, is it best in a situation with an MS AD network on the internal interface to use RADIUS on IAS to authenticate against the AD accounts to minimize management tasks? Would it also be best to let the DHCP server on the Win2k server issue IP's to the VPN clients?
I apologize for multiple questions in the same thread.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...