Since I only have 1 public address on the Cisco 1720 ADSL interface, how can I set up both the Cisco 1720 ADSL router and the PIX 506 in order to have a VPN to the enterprise network? Can the 1720 do bridging so that the public address goes to the PIX 506?
I believe this will work. The tunnel should exist between the ADSL router and the 1720. The ADSL router should have a filter list (ACL) for the address space of your Enterprise network. When packets match the filter list they're sent out the tunnel to the 1720. On the 1720 you will need to have static route statements for the Enterprise network space, which point to the interface of the PIX that's connected to the 1720. So when you try and connect to an address on your Enterprise, the ADSL router sends the packets through the tunnel, encapsulating the actual header using ESP. At the 1720 the ESP header is stripped off and the original header is revealed, showing the Enterprise address. At that point the 1720 should forward the packet on to the PIX, because of the static route statements, and you're in. I believe that should do it. Please someone correct me if I am wrong.