I have some clýents who stay at outside part of PIX, and they must connect to all sites at inside part of the PIX. I can't write static NAT ( there are a lot of sýtes ) to all sýtes. Is there any way makýng NAT for outside IPs. I wrote it. But it didn't work.
One solution is to have static translations for all your internal hosts and allow connections from the outside by using access-lists/conduits. This is almost impossible to implement and makes your internal network extremely vulnerable.
A better solution would be to use VPN connections from your outside user's PC to the PIX. This way they will the ability to access all sites on your internal network without a complicated configuration.
You will need at least one static, registered ip address available to map to an inside host which is providing VPN services. Once conntected to this host, you can access resources on any network host that is normally accessable from the internal LAN. Unfortunatly, with the mechanics of PAT, and its modification to the associated TCP port, I do not know of a way to access an internal host without access to a VPN, other than a one to one mapping, which would require even more registered IP's. PAT provides "one to many" going out, so it makes coming in dificult. If you want outside traffic to access internal systems, then you need at least one more registered IP.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :