I am currently running a VPN Concentrator 3005 in parallel with our PIX 520 Firewall. I would, however, like to increase security by having the "private" address be part of a DMZ on the PIX 520 and then translate that into an internal IP address pool.
Currently, I have an "outside" internet address and the "private" address goes directly into the internal IP address pool.
So, I guess the question is whether anyone has set up a VPN 3005 Concentrator with a "private" IP address into a PIX Firewall DMZ and then translated it into the internal network IP address pool?
The recommended setup is to run the concentrator in parallel with the Firewall, not off the Firewall's DMZ. With the right combination of Network Statics from the Inside to the Perimeter and conduits to the concentrator from the outside, I would think it's doable. Has anyone tried this?
We are using a 3030; hopefully this will apply to you as well.
Due to concerns our security department had about running in parallel, we put the public interface into the DMZ (using NAT on Checkpoint FW). We also put the private interface into the DMZ in a separate subnet. Works great.
I believe this sounds exactly like what I am after. Did you get your examples for setting this up from Cisco or on your own? I am uncertain about how to get the public DMZ interface translated into the internal address pool.
If you have any examples you could send my way or a URL that might be helpful, I would greatly appreciate it!