07-10-2006
03:49 PM
- last edited on
02-21-2020
11:45 PM
by
cc_security_adm
Hi,
I have a network with a 3660 on the perimeter and a PIX520 before my inside network. I want to allow external workers access to our network through VPN. I have read some documents and wanted to know - which is better to use a 3660 router or a PIX to establish the VPN tunnel ??
If PIX - do I have to produce a static IP for the outside interface which everyone can see ?
Reason for that question is that my traffic is NAT from the firewall to the 3660 and then NAT again to the outside ip range. so the pix outside card is a private address range at present.
Thanks for any help or thoughts on this
Ed
07-10-2006 06:43 PM
Hi Ed,
I would recommend you to use PIX for vpn termination over 3660.And you need static public IP address for the outside interface.Incase you don't want to change your network NAT structure then you can use encryption card on 3660 to enhance its encryption and tunneling performance.
cheers
Sachin
07-11-2006 03:54 AM
Hi,
Thanks for this - I'm looking into the module. I presume I would use the 3660 if I used the card rather than the PIX or would the card just pass trafic to the pix and the pix still etablish the tunnel ?
Could I use a static NAT on the 3660 for the PIX card ? Isnt this a security problem or should I say a bit more open if the PIX interface cards have public ips ?
Thanks
Ed
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: