Can a single internet connection on the Pix support multiple VPN tunnel endpoints to remote offices? In other words, can I connect my pix to a single internet connection using my outside interface, and simultaneously connect several remote VPN offices (such as 1700)?
As an extension of the earlier question, I have a PIX firewall acting as a VPN concentrator for multiple VPN tunnels. However the remote ends (spoke ends) are on dial networks.....making it a VPDN connectivity. How can I configure different isakmp key for each VPN customer? Since the remote IPs are not fixed how do I define different keys to different customer in the crypto map?
Will dynamic keys solve my requirement? Also note that currently I do not have any AAA server inside my network.
Now I understand that dynamic crypto map can be used to provide VPN connection to any unknown customers coming from the internet. But how will I be able to give dynamic keys to each of the VPN connections?
I hope my question is clear. In static crypto map I can give a pre-shared key for authentication. How do I do it when using dynamic maps? Any pointer will be highly appreciated.
This is a pointer I got on CCO. Is this appropriate for my scenario?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...