I have 2 PIXes, one 505 and one 515e with 3 interfaces on the 515e.
I have a dynamic VPN tunnel from the 505 PIX to the 515e which works, but my VPN clients cannot get into the PIX 515e on the same interface; they can only get connected if I manually put in a route intf2 command to the IP address of the PC which is out on the WWW.
I cannot put in a route intf2 0.0.0.0 0.0.0.0 as I already have a default route on the outside interface.
Usually, the PIX is configured to accept VPN requests on the outside interface, which is the interface on which all remote VPN connections and LAN-to-LAN connections terminate. Dynamic maps and default routes aid with this. Split tunneling can be used to selectively encrypt traffic. The DMZ is used to connect to partners, and if VPNs are terminated there, it is expected that the remote peer's IP address is known. If not, routing will be a problem. Two default routes will not work.
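As an added illustration of the arrangement described above (not configuration from either poster), a PIX 6.x-style fragment that terminates the LAN-to-LAN tunnel and VPN clients on the outside interface with a single default route and a dynamic map, plus the one case where an intf2 termination still routes: a host route for a peer whose address is known. All addresses, names and the pre-shared key are placeholders.

```text
! --- Single default route, on the outside interface only ---
! (a second "route intf2 0.0.0.0 0.0.0.0" would be rejected/ambiguous)
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

! --- IKE/IPsec terminate on outside; wildcard key accepts unknown peers ---
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp key PLACEHOLDER_PSK address 0.0.0.0 netmask 0.0.0.0

crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
! Dynamic map: matches the 505 (dynamic address) and the VPN clients
crypto dynamic-map DYNMAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYNMAP
crypto map OUTSIDE_MAP interface outside
! Let decrypted IPsec traffic bypass interface ACL checks
sysopt connection permit-ipsec

! VPN client group with split tunnelling: only internal nets are encrypted
access-list SPLIT permit ip 10.1.0.0 255.255.0.0 any
vpngroup REMOTEUSERS address-pool VPNPOOL
vpngroup REMOTEUSERS split-tunnel SPLIT
vpngroup REMOTEUSERS password PLACEHOLDER_GROUPKEY
ip local pool VPNPOOL 10.1.250.1-10.1.250.50

! --- Only workable intf2 case: a partner peer whose IP is fixed/known ---
! A host route on intf2 coexists with the outside default route.
route intf2 198.51.100.10 255.255.255.255 192.0.2.1 1
```

Clients and the dynamic 505 peer have no fixed address, so no such host route can be written for them on intf2; that is why the thread's client traffic only works on the interface that owns the default route.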
Thanks for the info. This makes a lot more sense now.
So basically, if we are using the outside interface for outbound internet and for clients accessing our WWW servers on this interface only, and we want our VPN tunnel from our main site to the remote site, including VPN clients, on the intf2 interface, am I correct in thinking this will not work in that case?
Can you use the intf2 interface for outbound internet and accessing our internal WWW servers, then use the outside interface for our VPN tunnel and VPN clients?
Or do we need to use the outside interface for internet, WWW servers and VPN clients, then use the intf2 interface only for the VPN tunnel?
I have tried using the intf2 interface for a dynamic VPN tunnel to our remote site without success, but this works on a static tunnel. I cannot use a static tunnel for VPN clients.