I'm not an expert, as I'm still trying to get things dialed in on my PIX, though I think I can help with a few of your questions.
I'm going to guess you are talking about IPSec, as NAT Transparency is not an Issue with PPTP, not sure about L2TP, I think its bundled with IPSec.
NAT Transparency is the ability to terminate an IPSec VPN Connection from a client that is being NATed. Normally IPSec does not allow for modification of the Packet in transmission so that when it arrives at the PIX its unaltered. If your Client is behind a LinkSys or other SOHO router, that router probably does NAT. Converting your Inside IP to a Public IP. That conversion alters that Packet and the PIX sees this and drops the Packet.
In some SOHO routers you can configure it to allow IPSec Pass-through and allow one client on the inside out and not affect the packet. Though it is spotty at best. I have two LinkSys Routers and it works with one and not the other.
As for termination VPN Connections, the Setup of the PIX would depend on the type of VPN you are implementing. PPTP is pretty quick and easy. IPSec was more complicated for me to get going. The issues I've been struggling with are Authentication, Who's doing it and how the PIX communicates to it. The PIX can authenticate users by itself or with RADIUS, IAS, TAC/ACCS+, ACS, Cert Servers, etc.
Im trying to use a MS CA Server and having issues. )-;
I guess my confusion is with the PIX and NAT transparency. I guess that if a vpn client is going through a pat/nat device, then the pix will drop the pkt, but if youre doing pix - to - pix, it should work ok .... I think this is right. Please correct me if I am wrong.
With regards to VPN connections, do I need to open anything up on the PIX, if not ... how come ?
So you setting up PIX to PIX VPN? Then You would not need NAT Transparancy as both of the OUtside Interfaces onthe PIX should be on the Internet. Unless of course you are being NATed by your upstream provider.
For a PIX to PIX VPN you can connect the two together by using IPSEC and Preshared Keys. Its the quickest and most straight forward.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :