I currently connect to my office network using a pptp vpn from my xp machine at home. The office uses a Cisco 2600 router and an ISA server for a firewall. I first connect to the router and receive a natted ip address for the dmz. Then I make a second connection to the ISA into the internal network. All works well.
I am about to replace the ISA with a PIX. With the new config, the router will not do NAT as it will now be handled by the PIX.
Typically, should I require authentication at the router or simply pass through to the external interface of the PIX and establish the connection there?