I just got a PIX 515E but have a problem designing my current network with this new device. I hope any expert here can kindly provide me with some advice. The problem goes like this...
My one and only router has 2 interfaces (fa0/0 <connects to my ISP, 100.100.100.2>, fa0/1 <internal network 10.10.10.1/24>). It performs NAT that translates all 10.10.10.0/24 IP addresses to 100.100.100.2. On top of that, it also does site2site VPN with another network (10.9.9.0/24), with all the configuration inside this router. The other side sees our network as 10.10.10.0/24.
The Cisco PIX 515E that we just bought has 6 interfaces. What I intend to do is to have 5 subnets (10.10.10.0/24, 10.10.11.0/24, 10.10.12.0/24, 10.10.13.0/24, 10.10.14.0/24) assigned to each of the 5 internal PIX interfaces.
The problem here is that I do not want to change the router's site2site VPN configuration. How can I achieve this if I assign the subnetwork 10.10.10.0/24 inside the PIX? If so, what IP addresses should be assigned to the router's fa0/1 and the PIX e0 (connected to the router's fa0/1)? How do I make sure that the other VPN site network still sees us as 10.10.10.0/24 when most of the stuff has changed? Where should the NAT be functioning this time?
The PIX is running v6.3 but will be upgraded to v7 pretty soon.
As this is my first time playing with a PIX, I simulated a test case scenario yesterday and wanted the 5 internal subnets (e1, e2, e3, e4, e5) to be able to route traffic within the PIX.
When I added a static route to route e1 to e2 and vice versa, it gave me an error that the route already exists. OK, fine, I thought. But it just couldn't ping through.
Then I added 2 rules to let the 2 subnets of IP addresses pass through their own interfaces in order to ping. The PIX prompted me whether I wanted to have NAT between them, or else I couldn't add the rules. I allowed the NAT function to be added between the subnets, and it proved to be able to ping between them. Now, must NAT be on in order for the rules to work between the subnets?