Attach one of the routers (Internet Router) into the internet vlan and give the Eth or FE an IP address of 22.214.171.124/8
Connect the PIX515 (Firewall 1) into the internet vlan and give the outside interface an IP of 126.96.36.199/8 with a default route pointing to 188.8.131.52
Create another vlan called "sitea" and connect the pix inside interface into it and give it an IP of 192.168.1.1/24. Connect another router (Router 1) to the "sitea" vlan and give the Eth or FE an IP address of 192.168.1.2/24
The router with the crypto image (Router 2) - connect its eth or fe to the "internet vlan" and give it an IP address of 184.108.40.206/8 with a default route pointing to 220.127.116.11. Create a loopback interface say 0 with an IP address of 192.168.2.1/24
Then create the VPN between Router 2 and the PIX. The VPN src from Router 2 is the loopback0 IP network (192.168.2.0/24), and the src from Router 1 is the FE IP network (192.168.1.0/24)
Just spit balling - try it out, then troubleshoot it if it does not work first time around (good exercise!)
The router with a large enough flash and enough memory to run the image - the IOS download tool will tell you that.
The loopback config is easy:-
interface loopback 0
ip address x.x.x.x y.y.y.y
x.x.x.x = ip address
y.y.y.y = subnet mask
NO - this is creating a VPN between the PIX and Router 2.
As I think most of the routing devices you have only have 1 ethernet interface, it's quite limiting. But the PIX has 2 interfaces, inside and outside - so the VPN terminates on the outside interface and the un-encrypted traffic passes thru the inside to router 1.
Router 2 sadly has the VPN and LAN access on the same device - if you had a router with 2 LAN interfaces the design would be different... you could then set up a vlan called "siteb" then connect 1 interface from that router into the "internet vlan" and the other interface into the "siteb vlan", THEN connect ANOTHER router (router 3) into the "siteb" vlan to be the layer 3 routing device for that lab site.
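
The Router 2 side of the site-to-site VPN described in the steps above, as an added example that is not part of the original thread. The interface name FastEthernet0/0, the names LAB-TS and LAB-MAP, ACL number 101, the policy values and the key placeholder are assumptions; the addresses are the ones given in the thread.

```cisco
! Added example for Router 2 (IOS crypto image); not from the thread.
! Assumed: FastEthernet0/0, LAB-TS, LAB-MAP, ACL 101, policy values, key placeholder.
!
! Phase 1 (ISAKMP) policy: the PIX needs a policy with the same values
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 5
!
! Pre-shared key bound to the PIX outside interface address from the thread
crypto isakmp key <PRE-SHARED-KEY> address 126.96.36.199
!
! Phase 2 transform set (tunnel mode is the default)
crypto ipsec transform-set LAB-TS esp-aes esp-sha-hmac
!
! Interesting traffic: loopback0 network (site B) to the "sitea" network
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! Tie peer, transform set and interesting traffic together
crypto map LAB-MAP 10 ipsec-isakmp
 set peer 126.96.36.199
 set transform-set LAB-TS
 match address 101
!
! Apply the crypto map on the interface that faces the "internet vlan"
interface FastEthernet0/0
 crypto map LAB-MAP
```

The PIX needs the mirror-image access list (192.168.1.0/24 to 192.168.2.0/24) and identical phase 1 and phase 2 parameters, or negotiation fails. Test traffic from Router 2 has to be sourced from loopback 0 to match ACL 101; `show crypto isakmp sa` and `show crypto ipsec sa` then show whether the tunnel came up and whether packets are being encrypted.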