Around 300 dialup clients are connecting to my PIX from various public ip assigned internet pc's,whereas they will be assigned an ip from the pool of my pix to access my LAN.Now we are moving to all the clients to cisco isdn routers with IPSec with ISAKMP certification.They will be connecting to an ISP and it will be routed towards us.
The problem is, as we cannot disturb the existing dialup clients setup,the idea is to make the PIX to have two certificates to issue to clients for dialup and ISDN router clients vice versa.
My doubt is, can pix have two certificates like this and will this work, or any other idea to make this...any sample config if possible ?
Also while dialup the IP will be assigned to clients from our PIX pool. Now will router accept the IP address like the same ? if yes any configuration will help us...
If I'm not missing something, I don't think holding two certificates is required. The certificate plays no role but to prove the identity of the device, and it can be used regardless of the device on the other end. Only, the remote device should support certificates too.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...