I have a Cisco 1700 router hanging off an ethernet port on my PIX. The router needs to be able to create a VPN through the PIX and yes it has to go through the 1700. If I have the device connected directly to port ethernet 5 what commands do I need to use to allow the VPN to go through the PIX?
You will first need a static NAT for the vpn device, then you will need to add an acl:
access-list VPN-IN permit ah any host x.x.x.x
access-list VPN-IN permit esp any host x.x.x.x
access-list VPN-IN permit udp any host x.x.x.x eq isakmp
The 'host x.x.x.x' should be the global address (NATted address) of the Cisco 1700.
Assuming you are terminating with another VPN device on the internet you would want to apply the ACL to the outside interface.
If this is for a site-to-site VPN you can replace the keyword 'any' in the ACL with 'host x.x.x.x', which would be the other VPN device. If this is for a remote-access VPN then leave the 'any' keyword, as you would not know the IP of the clients connecting.
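Putting the answer's pieces together as one PIX 6.x configuration fragment (an added example, not from the original post). It assumes the 1700 sits at 192.168.5.2 on a PIX interface named "dmz" (ethernet5), that its public NATted address is 203.0.113.10, and that no other ACL is already applied inbound on outside; all addresses are placeholders.

```cisco
! Added example, not from the original post. Placeholder addresses:
!   1700 real address  192.168.5.2  (on ethernet5, named "dmz" here)
!   1700 global address 203.0.113.10 (seen by the remote VPN peer)
nameif ethernet5 dmz security50
ip address dmz 192.168.5.1 255.255.255.0

! Step 1: one-to-one static NAT so the 1700 always presents the same
! outside address (inbound ESP/AH have no ports, so a static mapping is required)
static (dmz,outside) 203.0.113.10 192.168.5.2 netmask 255.255.255.255 0 0

! Step 2: permit only the IPsec components, only to the translated host.
! Replace 'any' with 'host <peer-ip>' for a site-to-site tunnel.
access-list VPN-IN permit ah any host 203.0.113.10
access-list VPN-IN permit esp any host 203.0.113.10
access-list VPN-IN permit udp any host 203.0.113.10 eq isakmp

! Step 3: apply the ACL inbound on the outside interface
access-group VPN-IN in interface outside
```

An interface takes a single inbound ACL on the PIX, so if one is already bound to outside, add the three permit lines to that ACL instead of binding a new one. Verify with `show access-list VPN-IN` that the hit counters increase when the remote peer initiates.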