This type of deployment does seem to be a little on the 'lets make it complicated for 5the sake of it'
I would think that putting a 2600 as a gateway router just to pass Internet traffic is like overkill when a simple DSL modem (that supports VPN pass-through) would suffice and let the PIX do all the firewalling and authenticating, but that's what the client has actually purchased - before we got involved, I hasten to add!
But if the only way is to configure the router and PIX in the manner you suggest because they only have 1 routable Internet address - then so be it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...