My current network is as follows:
Router (X.X.X.129) > PIX 515e (X.X.X.131) > LAN (10.1.1.0/24)
At present I am using the Cisco VPN Software Client 4.8 to connect to the PIX using IP address X.X.X.131, which then enables users to connect to any server / host on the 10.1.1.0 network (ports 500 and 4500 have an ACL to forward for NAT transparency).
FTP connections point to the IP address X.X.X.135 (using static route and ACL to pass port 21 to FTP server on 10.1.1.2)
SMTP connections point to the IP address X.X.X.133 (using static route and ACL to pass port 25 to Barracuda Spam Firewall on 10.1.1.5)
WWW / HTTPS connections point to the IP address X.X.X.132 (using static route and ACL to pass ports 80/443 to Exchange Server 10.1.1.9)
Now throw into the mix a donation of a 3005 VPN Concentrator and a few 3002 Clients (for remote hosts).
My problem is where do I place the 3005?
Ultimately, I want to remove the VPN tunneling from the PIX and have the 3005 handle all this and the PIX just block or forward traffic. However, do I place the 3005 between the router and the PIX, or do I assign another public IP, say X.X.X.136, to the DMZ port of the PIX and connect the 3005 there?
Any insight / logic would be appreciated.