I am new to setting up a VPN client config on the PIX using a 515e and 6.1.4 software. I am using the config at the URL below and have a question on the ACL. If the internal network is actually using 10.1.1.0 for example in our network should I exclude it from the ACL? We are using this address range for PAT with a couple of servers also (static/conduit). If this is the case I think I should just use 10.1.2.0 for the VPN clients right to bypass NAT? If this is the case how is routing handled between the subnets if they need to access the 10.1.1.0 once they connect over the VPN? I assume this is like a virtual subnet and the PIX will do all the work but wanted to make sure.
I think what you did is correct. The NAT 0 command will just bypass the NAT/PAT. The routing between the VPN clients and the internal subnet will be taken care of by the PIX, since you just have one internal subnet and that is directly connected to the PIX. Only for the outside (to internet) you would need a static route on the PIX. Hope this helps you.
I discovered the ACL is to be used for the NAT 0 command. The NAT 0 command is used to bypass NAT as the packets are routed from the inside subnet to the VPN subnet and thus do not need NAT. Read the ACL as from source to destination (duh) and this makes sense.
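The NAT exemption discussed in this thread, written out as an added PIX 6.x configuration sketch (not taken from the posts or from the linked Cisco document). The ACL number 101, the pool name vpnpool and the group name vpn3000 are assumed names; the subnets are the ones used in the question, with 255.255.255.0 masks assumed. Lines starting with ":" are annotations, not commands.

```cisco
: Address pool handed to VPN clients (assumed name: vpnpool).
: It is a separate range from the inside network 10.1.1.0/24.
ip local pool vpnpool 10.1.2.1-10.1.2.254

: NAT exemption ACL. Read it source -> destination, as seen from the
: inside interface: source = inside subnet, destination = VPN client pool.
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0

: A reversed entry (VPN pool as source) would never match traffic entering
: the inside interface, so replies to the clients would still be translated:
:   access-list 101 permit ip 10.1.2.0 255.255.255.0 10.1.1.0 255.255.255.0

: Bypass NAT/PAT only for traffic that matches ACL 101.
nat (inside) 0 access-list 101

: Tie the pool to the VPN client group (assumed name: vpn3000).
vpngroup vpn3000 address-pool vpnpool
```

Keeping the ACL limited to the inside subnet and the client pool keeps the exemption narrow. After a client connects, `show access-list` shows whether the entry's hit count is increasing.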
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :