Does anyone know or have experience in the following.
Is it possible to have a PIX and VPN concentrator running side by side? PIX would be for Internet access in/out and concentrator would be for VPN clients connecting over the internet to access internal servers.
Running a PIX and a VPN Concentrator in parallel is a fairly standard setup. I have a small switch hanging off the inside interface of my router and plug the PIX and Concentrator into the switch. Depending on how you configure the Concentrator, the VPN clients could have all, some or no access to resources on the LAN.
Like Travis said, it is a fairly standard setup to have the Pix and VPN running side by side.
If your internal network is flat, this is fine if you are only doing remote access by clients. The problem arises when you try to do LAN to LAN tunnels. With a flat internal network, the firewall is your default gateway. In order to get clients to send data to the remote networks, through the VPN, you would need to add route statements pointing them to the VPN concentrator. The other options would be to either put the inside of the VPN off a DMZ on the firewall, or install a router on the internal network.
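The routing problem described in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup over a host's routing table, showing which gateway receives traffic for the LAN-to-LAN networks before and after the static routes are added. All addresses and names are constructed assumptions.

```python
import ipaddress

# Constructed addressing, not taken from the thread.
PIX = "192.168.1.1"            # firewall inside interface, the hosts' default gateway
CONCENTRATOR = "192.168.1.5"   # VPN concentrator private interface
REMOTE_SITES = ["10.20.0.0/16", "10.30.5.0/24"]  # networks behind LAN-to-LAN tunnels


def next_hop(routes, destination):
    """Return the gateway chosen by longest-prefix match, or None if no route."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def missing_tunnel_routes(routes, remote_sites, concentrator):
    """List remote networks whose traffic would not be sent to the concentrator."""
    missing = []
    for site in remote_sites:
        net = ipaddress.ip_network(site)
        # Probe the first and last address so a partially covering route is caught.
        probes = (net.network_address, net.broadcast_address)
        if any(next_hop(routes, str(p)) != concentrator for p in probes):
            missing.append(site)
    return missing


# Host on a flat LAN: a connected route plus a default route to the PIX.
flat_host = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", PIX)]

# Same host after adding static routes that point at the concentrator.
fixed_host = flat_host + [(site, CONCENTRATOR) for site in REMOTE_SITES]

if __name__ == "__main__":
    for name, table in (("flat", flat_host), ("fixed", fixed_host)):
        print(name, "10.20.1.10 via", next_hop(table, "10.20.1.10"))
        print(name, "missing:", missing_tunnel_routes(table, REMOTE_SITES, CONCENTRATOR))
```
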
We have configured the outside and inside interface with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...