Current plans are for 3 or 4 remote offices to terminate to the 2620XM. Each office is relatively small (3 or 4 users currently using dial-up).
I will be using a 2620XM running IOS Version 12.3(15a), and 837s running IOS Version 12.2(13)ZH4. I believe those versions have the necessary feature set.
Remote offices will have ADSL with speeds between 256-768k.
I guess I really have 2 concerns:
1) Since the 2620XM only has one Fast Ethernet port, will I need to create sub-interfaces for the traffic (i.e., one with an external address and one with internal)?
2) With the routing, from the border router, do I need to route to the internal or external address of the 2620XM? Also, I believe we have multiple border routers (several different connections to the internet), so will I need to specify a particular route on the 837s, or will I need to configure the routing to the 2620XM on each of the border routers?
Our setup is slightly more complicated than the lab environment provided in Cisco training classes, so I'm getting a little confused with the logical setups.

Can you revert on whether your border router, perimeter router and your PIX outside interface IP fall in the same IP block?
If yes, for which basic purpose have you put the 2600 router in between the PIX and the border router?
Quite some time back I tried doing dynamic IPsec peering with some sites by binding the crypto map under a subinterface, which didn't work for me, and we rectified it by putting them on a whole new individual interface, after which it started doing fine.
I have a question for you here: can't you think of terminating the IPsec tunnels on your PIX or, if you feel that's not the secure way, why can't you on your border router? Though I'm not aware of the loading and the link conditions on the border router, I just want you to check out the feasible ways of getting the tunnels terminated.

I believe all outside interfaces do fall on the same IP block. I'm still waiting for the formal documentation to determine exactly how everything is laid out.
I do have a PIX available (515), but I was sent to class and it only covered site-to-site VPNs using routers. Other than just being given the PIX, I don't have any experience using a PIX at all.
The original design was to terminate the VPNs to the PIX, using EZ-VPN, but the previous engineer was not able to get it working and the documentation left was not very helpful.
I don't have complete access to the perimeter/border router, and the person in charge is not totally committed to the idea of this site-to-site VPN. I can get routes added in the perimeter, but I don't think I'm going to be able to get authorization to actually terminate the VPN connections on that router.
Because it only has 1 Fast Ethernet interface, would I be better off getting something other than a 2620XM? Do they make a Fast Ethernet WIC for the 2620XM, or would I need to move up to the 2621XM? I can get other equipment. I believe I have a 3600 available as well, although the RAM and flash may be a little lacking.
If I can get these 3-4 sites working, the idea is to create a secondary VPN network company-wide. We obviously don't want to commit a lot of financial resources until we have a working model.