Given I have a 2610 set up as a tunnel end point sitting in the DMZ with one Ethernet interface connected to a PIX with a crypto map applied to that interface, do I need a second Ethernet interface to connect to the PIX to bring decrypted traffic inside?
I don't quite understand the explanation of your topology. It sounds like you have a 2610 connected to the DMZ interface of a PIX and to the Internet? Or are you decrypting the traffic on your DMZ, the outside of the PIX? Why don't you just use the PIX as the end-point of the tunnel if the traffic ultimately needs to get inside anyway? I guess a little clearer understanding of the topology would help.