I currently have a Cisco 677 ADSL unit connected to our ISP using a dynamic IP. A PIX 506E is used as a firewall that connects the 677 to our corporate network. The current configuration allows users on our corporate network to access the internet. But, we also would like to allow remote users to access our corporate network using a VPN connection. Is this possible using just one dynamic IP? I have registered with a dynamic DNS service so that remote users can point back to us - but it seems that I am only pinging back to the 677 and am not able to get through to the PIX. Am I missing something? Thanks in advance for any help on this.
It is possible but not with your current equipment. The pix doesnt support a IPSEC/NAT connection. VPN3000 does. The pix requires that you have a static or NAT (one2one) translation in order to connect with the vpn client. You could set up a Lan2Lan tunnel, but your 677 doesnt support that. Need a pix or a router on your client side.
Well, your ip address can be done through DHCP, as long as you are not being port address translated by the isp, you will need to have a public ip address. The 677 acts like a bridge right? So the ip address you get from the isp should be on your PC? winipcfg. If this is the case you should be able to connect to the pix. If you are using ICS though and trying to connect additional pc's, then yes you will need more ip's for those pc's.
So the 677 is doing nat for your pc. If you only have one pc, then you can set it up in bridging mode so that the 1 ip goes straight to your pc. Then things should be fine. If you have multiple pc's, then you will have to get multiple ip's or get like another device to do a L2L tunnel.
Oh boy, I don't think that will work since the outbound side is serving the corporate network for browsing the internet. So, internally the 677 is being shared by many PCs to gain access to the internet. Am I stuck?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...