We are using a PIX515E with just one router connected. We're installing PACS and Philips implementation specialists say they will install a new T1 line plus router which will be solely used for backup of PACS images.
Here's my dilemma: will I need to use another interface on the PIX to connect the router? How will I configure the PIX so that data going to that T1 goes only out that interface as it will need to be encrypted also?
Well, this will depend on how you want to design it and what your security requirements are. But my suggestion would be to use a different interface to connect to this new link if you are not terminating the tunnel on the PIX, as they will have a network which can be routed off this interface to their backup devices.
But if you can terminate the tunnel on the PIX, or if you do not have an interface to spare (so no other option), then you can use the outside interface as well for the tunnel endpoint. It would be good if you could provide details of the design requirements and security requirements.
1.- Use a second physical interface (easiest way to do it in your scenario). You will need to terminate a VPN on this interface for the PACS that you are talking about.
2.- Use one physical interface and two subinterfaces (if your software supports it). This will require you to have a spare switch for creating 2 VLANs (one per ISP link). Connect the routers to the switch on their respective VLANs. Configure one interface on the PIX as a trunk and connect it to a trunk port on the switch. Create subinterfaces on the PIX and allocate them to the respective VLANs.
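
Option 1 above, sketched as an added example that is not from the thread or any poster's device: a second physical interface facing the new T1 router, a route that sends only the backup network out of it, and a site-to-site IPsec tunnel terminated on that interface. It assumes PIX software 7.2 or later; the interface name, addresses, ACL and crypto map names, and the peer are constructed placeholders.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   10.10.20.0/24  local PACS servers behind "inside"
!   10.50.0.0/24   remote backup network reached over the T1
!   192.0.2.0/30   link between the PIX and the new T1 router
!   198.51.100.10  remote VPN peer
interface Ethernet2
 nameif pacs-t1
 security-level 0
 ip address 192.0.2.2 255.255.255.252
 no shutdown
!
! Only the backup network and the VPN peer are routed out the T1 interface;
! everything else keeps following the existing default route.
route pacs-t1 10.50.0.0 255.255.255.0 192.0.2.1
route pacs-t1 198.51.100.10 255.255.255.255 192.0.2.1
!
! Interesting traffic: PACS servers to the backup network, nothing broader.
access-list PACS-BACKUP extended permit ip 10.10.20.0 255.255.255.0 10.50.0.0 255.255.255.0
! Exempt that traffic from NAT so it matches the crypto ACL unchanged.
nat (inside) 0 access-list PACS-BACKUP
!
crypto ipsec transform-set PACS-TS esp-aes-256 esp-sha-hmac
crypto map PACS-MAP 10 match address PACS-BACKUP
crypto map PACS-MAP 10 set peer 198.51.100.10
crypto map PACS-MAP 10 set transform-set PACS-TS
! Binding the map to pacs-t1 only means the tunnel can form on the T1 side alone.
crypto map PACS-MAP interface pacs-t1
!
crypto isakmp enable pacs-t1
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
!
tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 ipsec-attributes
 pre-shared-key <PLACEHOLDER-SHARED-SECRET>
```

After a backup transfer starts, `show route` should list 10.50.0.0 via pacs-t1, and `show crypto ipsec sa` should show encaps and decaps counters increasing for the PACS-BACKUP selectors.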