I am using a PIX 501 6.3 on a dynamic BellSouth DSL circuit, also I want to setup VPN access fron the outside.Is there a way to configure the PIX to respond to a request from outside after the IP address was changed by the ISP?
Nope, not impossible at all. The PIX does not care what the IP address is that is assigned to the IPSec interface. The problem is that your VPN clients will most likely not know the outside IP address of the PIX if it is constantly changing. Practically, this becomes a nightmare to scale and support. If you have a DHCP address on your PIX that doesn't change too much, and only a few clients, you should be fine. I personally use a PIX 501 in a cable enviro at my house and VPN in from time to time. Hope this helps.
Thanks. I will have only 3 remote access VPN connections and one site to site(I think), so management wont be too bad(I think) because the DHCP gods are on my side, I have only changed my IP once when moving to my PIX 515.
On another note, have you any experience with the L2TP/IPSec client that is built into Mac OS X(10.3) and connecting (VPN) to a PIX?
This is encouraging news, one question though. If I am resolving the IP address with a dynamic address service i.e (dyndns.org) and use the name "rscs.dyndns.org" in the address field in the client settings, will the client connect or does it require the actual IP Address to make the connection?
Also I am setting the DSL circuit up in this configuration.
First I set the router/modem into a bridged mode, second I configure the PIX 501 in a PPPoE setup managing the username and the password for the connection. Is this correct or is there another way to configure this that is more reliable?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...