I have a question. If I have a few (4) small remote offices, and want to use GRE tunnels over IPSec VPNs, back to the main office 2651 router...how does that work as far as having my PIX behind the 2651?
The 2651 will have the Internet T1 coming into it, and the PIX's outside address will have a public IP. Do I just create access-lists on the router to forward the remote office subnets to the PIX, and/or ACLs on the PIX to allow the remote office traffic?
So if I understand you correctly, you have the following topology:
And all your GRE tunnels will be terminated on the 2651 router. In this case your PIX will only get the IP packets after they come out of the GRE encapsulation. Hence the PIX should only be allowed for the IP packets to the inside network. As for the IPSec/GRE termination, the 2651 can handle it as the hub without much problems (note: PIX doesn't support GRE termination).
Yeah, you would be adding the static routes on the PIX to return those packets back to the 2651; just make sure that the syntax of that points to the 2651 inside interface as the next hop, not the PIX outside.
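The layout the replies above describe, shown for one remote office, as an added example that is not from the thread. All addresses (documentation ranges), interface names, ACL names and numbers, and the key placeholder are assumptions; the IOS part assumes an image with AES support, the PIX part uses PIX OS 6.x syntax, and NAT on the PIX for this traffic is not shown.

```cisco
! ---- 2651 hub router (IOS): terminates IPSec and GRE ----
crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 5
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.10
!
crypto ipsec transform-set GRE-TS esp-aes esp-sha-hmac
 mode transport
!
crypto map HUB-MAP 10 ipsec-isakmp
 set peer 198.51.100.10
 set transform-set GRE-TS
 match address 110
!
! Encrypt only the GRE packets between the two tunnel endpoints
access-list 110 permit gre host 203.0.113.2 host 198.51.100.10
!
interface Tunnel1
 description GRE to remote office 1 (constructed)
 ip address 172.16.1.1 255.255.255.252
 tunnel source Serial0/0
 tunnel destination 198.51.100.10
!
interface Serial0/0
 description Internet T1
 ip address 203.0.113.2 255.255.255.252
 crypto map HUB-MAP
!
interface FastEthernet0/0
 description Segment shared with the PIX outside interface
 ip address 192.0.2.1 255.255.255.248
!
! Remote office LAN via the tunnel, main office inside LAN via the PIX outside address
ip route 10.10.1.0 255.255.255.0 Tunnel1
ip route 10.0.0.0 255.255.255.0 192.0.2.2
!
! ---- PIX behind the 2651: sees only the decapsulated IP packets ----
! Permit only the remote office subnet to the inside network
access-list outside_in permit ip 10.10.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-group outside_in in interface outside
! Return route: next hop is the 2651 inside interface (192.0.2.1), not the PIX outside address
route outside 10.10.1.0 255.255.255.0 192.0.2.1 1
```

Each further remote office adds its own ISAKMP key, crypto map entry, GRE access-list line, Tunnel interface and route on the router, plus one ACL line and one `route outside` line on the PIX.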
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...