Alright I am working on my VPN and I don't have a whole lot of knowledge but I will try to explain whats going on and what are the problems.
1. We have a Cisco VPN 3005 currently connected directly to our internet router with an external IP and a internal interface connected directly to a internal switch.
2. We have a Cisco PIX firewall that is setup with an external interface, internal, and a DMZ interface.
We would like to have our VPN either behind our PIX or have the internal interface connected to the PIX so we have some protection.
We are also having problems with Internet connectivity when logged in to the VPN I can ping internal but I have no external ability. (I have not tried an external IP so it could be a DNS issue.)
Can you go through the VPN and have web browsing capabilities?
Can you have the VPN behind the PIX firewall and does that do anything that cause problems?
What would yall reccommend for this type of configuration with the PIX and the VPN?
Something else is we are looking at a new internet connection and the old one will still be in effect for a while, so we are thinking about using it just for the VPN. If we do this how would that effect our setup of the PIX assuming the the PIX would use the other internet connection and the VPN?
Well Ciscos design guides recommend putting it in parallel with your firewall. Then all your VPN traffic transverses the concentrator and the PIX is out of the picture. I would think if you try to keep it behind the PIX, youll run into problems. Give your Cisco rep a call for help in your design.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :