Is there a good link anywhere that explains how to set this up where the main office will have a PIX firewall with a static outside IP, and the remote end will be an ASA with a dynamic IP, and we'll need an IPsec tunnel between them? I'm assuming traffic will have to be initiated from the firewall with the dynamic IP, in this case the ASA? But what about once the tunnel is up, will I be able to initiate a connection into the network on the ASA LAN from a LAN behind the PIX (assuming it's defined in the crypto map)? If I can't connect to the ASA's LAN, will I at least be able to initiate an SSH session to the ASA from the PIX LAN? Thanks
I found that link last night. What I don't like about it is it doesn't just address a site to site between a dynamic IP and a static IP, it throws the VPN client into the works. This part adds to confusion for me and I'm not quite certain which part of the config applies to the remote access VPN vs the site to site. In particular, which lines from the configs in the example (pasted below) apply to the site to site piece of it?
Does the above reference BOTH the remote access and site to site piece of it? While I can appreciate Cisco's doc wanting to cover the additional scenario of remote access VPNs, I'd prefer to see just the config between two firewalls where only a site to site between a static and dynamic is being discussed. I wasn't 100% certain as to which parts of the Cisco doc are referencing the config needed for the remote access example; I only need the site to site piece of it.