I have a network (called A) containing 150 hosts and an existing Internet connection. Now I will place a Pix 501 parallel to the current firewall, connected to the internal network as well as the Internet. I will be able to establish a LAN2LAN VPN from another site (LAN B) to manage the servers in this network.
All hosts in the network (A) have the current other firewall as default gateway. However, this def gw firewall will have an internal route to the external network (B) pointing towards the inside interface of the new Pix.
From B I will only access a few hosts at the same time on LAN A via the VPN tunnel. I will never connect from LAN A hosts to the B network.
Question: Can I use the 10-user license of the Pix? I know that Pix licensing is using MAC addresses. Do only hosts communicating through the Pix count? Or will all hosts on network A count?
Only hosts the PIX sees will count towards the licence, that is, hosts that have translations and connections built through the PIX. If only 10 hosts on NetA are ever going to go through this PIX over the tunnel then you should be OK.