Cisco VPN 3000: Addressing and Topology Question
Posted on 2004-03-29
A client with around 30 users has switched DSL ISPs.
The previous ISP assigned them (as part of the service's package) a pool of public IP addresses -- one of which was used for their VPN 3000. Unfortunately, the cheesy new ISP does not support this, insisting upon only one address per customer.
This has deprived them of an additional address to use for accessing the VPN 3000.
I believe (and perhaps I'm mistaken here, hence the posting) that I can get around this by acquiring a router, assigning the VPN only an internally valid address and forwarding VPN traffic through the firewall (PIX 515) to the 3000.
I imagine it would look something like this:
[DSL] --> [ROUTER] --> [PIX 515] --> [CATALYST/FASTHUBS] <--> VPN 3000
This looks right to me but I'm certain I'm missing something.
Any help figuring out how to access the 3000 (and where it should be placed) would be well rewarded -- and appreciated.