I'm new to the world of PIX. I am learning quickly though, I think.
Anyway, I purchased a 501, and what I would like to do (I believe it is possible) is the following.
Configure an IPSEC tunnel from my PIX to the office where I work. I do not have admin rights to the equipment at work but I believe I have the buy-in from the network administrator if I can come up with the configuration.
At the office we have a Cisco VPN Concentrator that all of the existing VPN tunnels terminate against (software VPN clients, 501 VPN clients, etc.).
Is it possible to configure my 501 at home so that only 1 IP address NATed inside my network would traverse the IPSEC tunnel to the office, and the relevant data would return through the tunnel? I don't have a problem with other traffic coming through the tunnel to my house, but the only traffic that "should" be coming through the tunnel should be reply traffic.
Any other data from my house would not go through the tunnel, but go out the standard interface.
I know we have another user who has a 501 at his house; however, he is using the easyvpn client, which causes all of his traffic to go through the tunnel. This causes the traffic not bound for the office to "double-dip" off of the office internet connection, and I don't want to do that, especially since my wife works from home. I would not want all of her traffic to traverse the tunnel to my office to get out to the internet (as I'm sure the network admin).
So the million dollar question is: is this possible, or am I asking for too much?
In addition to the VPN concentrator at the office we have mostly Cisco hardware (routers, PIXes, switches, etc.), so if it's not possible to terminate against the concentrator, could I terminate against another device?
If it is possible, could I trouble you all for some help putting together the commands to make it work on the PIX and the concentrator?
I don't have any idea about the concentrator.
Cheers, and thanks for the help,
-Tyler