I have a PIX 515 and a 3005 VPN Concentrator. The PIX has 3 interfaces, one for private (inside), one for public (outside) and a DMZ. What is the best approach for the concentrator? Should I put it in the DMZ and then create access-lists or conduits to it? Is their a recommended approach with this? If anyone has recently done this and knows which ports to allow etc. That would be great.