First of all, a late happy new year & a good weekend ;)
I have this problem setting up a VPN between 2 sites. In our main site we have a Pix 515 configured with an private IP address on the external interface. The inside interface has a public address, so there's our DMZ. If you wanna know why I have a private external ip, read Q15 of the FAQ ( http://www.cisco.com/warp/public/110/pixfaq.html#Q15 )
But now I want to have our branch office to have full access to those servers, so I installed a Pix 506 at a branch office. But there I got the problem I can't get to the private external IP of my PIX @ the main office.
FYI: Between the internet-cloud & the pix, there offcourse always a router (a 1603 @ main site, a 827 @ the branch office).
How can I solve this problem? I first thought of setting up the VPN with the internal (public) interface of the Pix 515, but that doesn't seem to work. (I can't access both internal/external interface from the web!)
The only thing I can think of is terminating your VPN at the outside router or maybe the inside router (statics and conduits to the outside of the PIX). I know in current PIX code you can terminate the VPN on the inside IF but you still have to have a publicly routable IP address on the outside of the PIX to make this happen. What if you setup a static and conduits for Ipsec for the inside interface of the PIX to give it a public address on the outside? Never tried it and I bet nobody else has either but it might work. It might mess things up too. I would call Cisco for advice. Good luck and let us know what you come up with. Anybody seen this?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...