Hi all,
I MUST have a PIX with 2 interface on the same subnet (32 address) where to terminate VPNs tunnels. I need them for the traffic to flow between those 2 interfaces. PIX runs 6.3(4) and it is not possible to have 2 interfaces belonging to the same addressing range and same subnet mask. My idea was to put a router in the middle for one of the 2 interface. I had at the office a 837. I upgraded it to IOS 12.4 (that is the key!) to have
2 Ethernet interfaces independently configurable.The configuration is reported below
------ | |-tunn2---e2-|837(12.4)|-e0---Internet---|2611(12.3.15)|----10.134.36.0/24 | |
-192.168.36.0/24--inside---| |--outside-------- | | | |-tunn1------------------------Internet ------
837 must forward IPsec traffic from public IP to the internal IP address of the PIX.I don't want to upgrade to 7.0, perhaps in the future. I want to read deeply infos about migration from 6.3.4 to 7.0 before moving to new version.
I have another interface where VPN tunnels terminate, named tunn1 (as you can see).
As all of that I explained works fine but sometime tunnel between 192.168.36.0 and 10.134.36.0 goes down, my question is
is 837 enough good to play that role? I tried it because I had it at the office.
Could a 831 be good to play that role? Or must I choose higher level products? For me 837 should be good enough for that purpose but who knows?
Thanks for all your comments and/or suggestions.
Alex.