I have a network with a 3660 on the perimeter and a PIX520 before my inside network. I want to allow external workers access to our network through VPN. I have read some documents and wanted to know: which is better to use, a 3660 router or a PIX, to establish the VPN tunnel?
If PIX, do I have to produce a static IP for the outside interface which everyone can see?
The reason for that question is that my traffic is NATed from the firewall to the 3660 and then NATed again to the outside IP range, so the PIX outside card is in a private address range at present.
I would recommend that you use the PIX for VPN termination over the 3660. And you need a static public IP address for the outside interface. In case you don't want to change your network NAT structure, you can use an encryption card on the 3660 to enhance its encryption and tunneling performance.
Thanks for this - I'm looking into the module. I presume I would use the 3660 if I used the card rather than the PIX, or would the card just pass traffic to the PIX and the PIX still establish the tunnel?
Could I use a static NAT on the 3660 for the PIX card? Isn't this a security problem, or should I say a bit more open, if the PIX interface cards have public IPs?