Currently I have a 501 protecting out corporate LAN from the outside. I also have another 501 that segments our corporate LAN from another subnet that is not connected to the Internet.
I would like to be able to gain access to that second PIX from the outside so that I can access the computers on that network.
Currently that 2nd PIX is setup with a VPN group that allows PC's from our corporate LAN to securely access data on the other LAN. That PIX has an IP address assigned to it that is part of the subnet of our corporate LAN. This works great.
Would it be possible for assign a public IP address to the internal IP address of the 2nd PIX on the first PIX? I was thinking that if there was a public address pointing to the IP address of the 2nd PIX, I could then authenticate to the VPN group in the 2nd PIX.
First, is this at all possible? I am getting told by the vendor that set up this 2nd firewall and network that it is, but they are not willing to assist. Just wondering if there is an easier way or if I am just wasting my time.