I have a vpn concentrator 3000 and it has 3 interfaces. One is the private or inside interface, the other is the outside or public interface and the 3rd is the "external" interface.
What exactly would that 3rd interface be used for? Now I have a dmz that I would like to allow to vnp into the inside network. Could I designate the external interface as a "public" interface to allow the dmz to vpn into the external interfce? What would happen if I had 2 public interfaces?
VPN3K 3rd interface (external) function is similar to the private/public interfaces. You can use it to connect your other segment/link,dmz,extranet,partner networks.
You can treat this interface similar to public interface where you need to assign filter to allow specific type of services,protocols and enable proper routing into your internal network.
You can have 2 different external/public networks connected to this box. However, you can only have one (1) interface designated as 'public', which is by default the Public Interface.
In Cisco VPN doc :
Public Interface -- To make this interface a public interface, check the Public Interface check box. A public interface is an interface to a public network, such as the Internet. You must configure a public interface before you can configure NAT and IPSec LAN-to-LAN, for example. You should designate only one VPN Concentrator interface as a public interface.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :