I have over 200 remote users on xDSL to the Net. Can they all use the VPN client on their computer behind the ISP CPE to connect back to my PIX (assuming all the right IOS ver)? Can I also have 1 pre-shared key for all or create groups with multiple users?
I would not see any problem with using the VPN client on their computers because they have xDSL as their transport. I would, however, from a management and security aspect not want to attach all of them to my PIX. Not to say it could not be done, depending on the PIX and your internet connection to it. You can use preshared keys. I would, however, look at using a VPN concentrator and strong authentication, as the management time and security holes associated in doing it this way may be considered poor by some. Not to say I have not done it that way in the past, but new tools and PKI have made it much easier to set up and manage as well as secure.