OK here is a scenario I am having trouble with. My desktop server was connected to our old Pix firewall and I was able to VPN into it. Since then we moved the desktop Server to the new PIX and changed the main gatewya to the New Pix and also had the old PIX gateway listed as well. The only problem is that the new PIX doesn't have VPN access on it. Basically we are using the Old PIX as incoming traffic and the new PIX as outgoing traffic. What do I need to do for it to allow me to VPN in the server when i need to? Cause we really don't want VPN access put on the new PIX, we want to be able to get in to the server through the Old Pix and the New Pix for outgoing traffic. Any ideas would be helpful.
For the PIX to work propely, outgoing traffic and incoming traffic should pass through the same firewall. This is required since information about outgoing packets is cached and traffic is let in based on this information. The only thing that I can think of is to move your server back behind the old pix, to use a router in front of the PIX firewalls and have it direct traffic to one of the two firewalls depending on whther it is intended for the desktop Server or not. You should also keep the two segments isolated except for the connection through the router.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...