3002 running 4.7 in network extension mode, PIX running 6.3(5). Require connections from the private subnets behind the PIX to private subnets behind the 3002. It appears the 3002 only supports the directly connected subnet off its private interface as interesting traffic. There is no way to specify add'l subnets behind the 3002.
From the 3002 4.7 admin guide:
Network Extension mode allows the VPN 3002 to present a single, routable network to the remote private network over the VPN tunnel. IPSec encapsulates all traffic from the VPN 3002 private network to networks behind the central-site VPN Concentrator.
Below is the ipsec sa for the tunnel; 172.25.1.0/24 is the private subnet off the 3002. When the tunnel is up the PIX creates a dynamic ACL (dynac187). Is there any way to specify add'l subnets off the 3002 without moving to another platform like the 3005 on each side?
local ident (addr/mask/prot/port): (192.168.100.103/255.255.255.255/0/0)