(Note: This message was posted as part of the "Ask the Expert" Event on configuring Cisco IPSec VPNs that took place December 11 - December 21. Feel free to respond to or form discussions around this question.)
Design question - I have three 3005s. The 'hub' site is connected in parallel to the PIX. (Outside int on the outside segment, inside int on the inside network, my preferred way to connect them.) The two remote sites only have an internet router directly connected to the inside network. Can I connect both the inside and outside interfaces onto the inside network (same subnet)? One site is using public address space on the inside network. That may work, I haven't connected that site yet. The other site is using private IP space on the inside and the internet router is NATing the inside addresses to the public address being used on the Dialer (ISDN) interface using overload. This is the site I am currently having problems with. Should this work if I add a static NAT statement for the 3005 outside interface? Should/Could I use a secondary network on the router to talk to the outside interface of the 3005 on a different subnet? (The internet router is a 1600 that belongs to the ISP or maybe I could terminate the tunnel on the router?) Any suggestions/comments? Thanks!
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :