I've noticed that the sample configs for the Pix as VPN Head-end are different from the VPN 3005 config samples. While both work fine if the VPN device is reachable from the default network, the Pix config doesn't work well if there's another router on the network which the internal machines are using as a default gatway.
The VPN 3005 configurations for VPN Software clients utlize a client IP pool from the inside interface of the VPN 3005, and the VPN 3005 the Proxy-Arps for these clients -- This is handy because it will work without having to change all of the internal client machines to a new default gateway.
However, the Pix config examples always seem to use a different IP subnet for VPN Client pool, which then requires either pointing all internal machines to the Pix for their default gateway, or adding another route statement to whatever device is the internal default gatway for servers.
My question is: Is it possible to define a Pix VPN client pool from the inside interface's subnet, and if so will the pix then Proxy Arp for those VPN clients the same way the 3005 does? The Docs for the Pix don't seem to give any requirements one way or the other for the Pix's VPN client pool.
I have always configured a separate IP POOL of addresses for incoming clients on a PIX. It may be because of the Proxy arp, but without confiuring it this way the clients cannot access resources inside the LAN.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :