I'm trying to build a tunnel to our office in China. Our site-to-site router is a 1710 and the target firewall is a Pix 5150. I was able to successfully create the tunnel with an identical Pix router here in-house, but the main difference I am seeing is that the Pix at our China office is employing an alias command and some conduits. It seems like the outside interface IP is being translated internally to the Web server IP, so I am unsure as to whether it is affecting communication to our router on the outside.
Here is the code on the Pix router that I think may be affecting the connection:
alias (inside) 192.168.0.79 xxx.138.xxx.5 255.255.255.255
Your alias command is applied to the "inside" interface. It looks like it is just for changing the DNS response for your internal Web server from the global IP to the local IP, so that internal users would use the internal IP to access this web server.
Conduit commands just permit the incoming traffic which is related to those static NATs.
So, both should not impact your VPN traffic. Just remember to add "sysopt connection permit-ipsec" to let your IPSec traffic in.
Since your China PIX is running old code, I would suggest you run a test in the lab before the implementation.
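An added example, not part of either post: a small Python check that reads PIX 6.x-style configuration text and reports the three things the reply touches on, namely whether each alias mirrors a static NAT, whether each host conduit has a static behind it, and whether sysopt connection permit-ipsec is present. The sample configuration, its addresses and the helper name audit_pix_config are constructed for illustration.

```python
import re

# Constructed sample in PIX 6.x syntax. Addresses are documentation
# placeholders, not the values from the thread.
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.5 192.168.0.79 netmask 255.255.255.255 0 0
conduit permit tcp host 203.0.113.5 eq www any
conduit permit tcp host 203.0.113.9 eq smtp any
alias (inside) 192.168.0.79 203.0.113.5 255.255.255.255
"""

def audit_pix_config(text):
    """Hypothetical helper: return (code, detail) findings for a PIX config."""
    statics = {}          # global IP -> local IP, from static NAT lines
    conduit_hosts = []    # global IPs named in "conduit permit ... host X"
    aliases = []          # (interface, local IP, global IP)
    permit_ipsec = False
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"static \(\w+,\w+\) (\S+) (\S+)", line):
            statics[m.group(1)] = m.group(2)
        elif m := re.match(r"conduit permit \S+ host (\S+)", line):
            conduit_hosts.append(m.group(1))
        elif m := re.match(r"alias \((\w+)\) (\S+) (\S+)", line):
            aliases.append(m.groups())
        elif line == "sysopt connection permit-ipsec":
            permit_ipsec = True

    findings = []
    for iface, local_ip, global_ip in aliases:
        # An alias that mirrors a static only rewrites addresses for hosts
        # behind that interface, as the reply describes.
        code = ("alias-matches-static" if statics.get(global_ip) == local_ip
                else "alias-no-static")
        findings.append((code, f"{iface}: {global_ip} -> {local_ip}"))
    for host in conduit_hosts:
        if host not in statics:
            findings.append(("conduit-no-static", host))
    if not permit_ipsec:
        findings.append(("no-permit-ipsec", "sysopt connection permit-ipsec"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_pix_config(SAMPLE_CONFIG):
        print(f"{code:22} {detail}")
```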
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...