I have a PIX 506E deployed at a site. The outside interface of the PIX is connected to an ADSL ISP router and its IP is dynamic. The inside interface has a static IP, and the DHCP server is in my local network. I want to deploy VPN for remote clients. A remote client should get authenticated, get an IP address from the local DHCP server, and be able to access resources. But these remote hosts also have dynamic IP addresses when they are connected to the Internet. How can I do this?
First of all, you need to have a static IP address for the ADSL interface so that the remote clients can access the enterprise using the VPN.
Second, where do you want to put the VPN server: on the ADSL router or on the PIX? If on the PIX, I think you need to enable port forwarding on the ADSL router, so that this router forwards any IPSec request (for example) to the PIX. This is done with a static IP address on the outside interface of the ADSL router.
Or, if you can get more than one real IP address, you can configure the outside interface of the PIX with a real IP address, if applicable, and then there is no need for port forwarding.
I am having a similar problem, and I'm wondering if you can point me in a direction.
I have an 805 router with an Internet connection and a static IP address, and I want to establish a VPN with 2 remote sites, which have ADSL connections and dynamic IP addresses. Is it possible? How? Is it reliable?
It is reliable; however, be aware that with a dynamic crypto map there is a little less security, as you are using the same key for multiple clients, so if it is compromised at one of the sites you will have to change it for all sites.
Returning to the subject, I am facing the following problem: how do I filter traffic coming from the Internet? I do not have any access-list applied to that interface. I have to allow traffic from the Internet to my webserver (HTTP only) and deny everything else. I know I can use a route-map on a static NAT to allow the VPN users to access the webserver, but how do I filter traffic on that interface?