I posted this one in the General VPN discussion without success. I thought I would try it here.
I am in the process of setting up 3 branch sites to one headend site with a Hub and Spoke design. All spoke sites will communicate with each other as well as Internet access through the Hub site via a 1721 router at the Hub. All VPNs will terminate on the S0 int of the 1721. Then if they want Hub LAN access they will continue through fa0. If the hub sites want Internet access, they will redirect off the S0 and out the T1. I have a Pix 515 that I would like to implement in the design. The only thing is I only have the 1721 router and one T1 to the Internet from the S0 of the 1721. If I put the Pix behind the router, the Hub LAN will have to go through the firewall for Internet as well as VPN traffic, which is fine. But the Hub Sites coming in with Internet-bound traffic will not pass through the PIX. I would like to put the Pix in front of the router like in the following diagram:
Internet -> Pix -> 1721 VPN router -> Hub LAN.
This would be fine because Internet-bound traffic from the Spokes would redirect off of the S0 of the 1721, and then pass through the Pix ACLs before getting to the Internet. The only problem is that there is not a T1 CSU/DSU card for the Pix.
Question - Does anyone have a suggestion of how I can accomplish all Internet bound traffic to pass through the Pix with only my one T1, VPN router, and Pix?
What do you mean by dirty hub? My main problem is that I need a T1 CSU/DSU to connect to the Internet and I only know of a router that can do this. Is it possible to take a standalone CSU/DSU and cable it to the PIX with CAT5?