Hi, central site has a PIX 506 and the remote sides are a mix of PIX to broadband, router to ISDN and Dial-up clients. Customer cannot get static IP at each of the router (ISDN) sites, therefore I need to make the link to the central site with dynamically assigned IP address on the router's public interface. I've tried not to both by using a VPN Client on each PC behind the routers, however (I believe that I'm correct in saying this) because the routers NAT this doesn't work.
Actually if you use Static NAT (One to One translation) then this should work for the Clients coming in from behind the Router connecting to the PIX Firewall, but if you do PAT on the Router for the VPN client going out then because no IPSEC/NAT is being done in case of PIX this will not work.
Thanks for the response, but having played with it a lot I have got it working without static nat. I believe that you are absouloutely correct in what you say, but if you make the router and the PIX the two end points and then by-pass NAT for IPsec traffic it will work. The problem is if you want to make your PC and the PIX the two end-points. In that case you would indeed be forced to static NAT.
Got there in the end! Incidentally if anyone wants a copy of the config e-mail me.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :