I have an ADSL router in Spain with a public IP address. This router is also a dhcp server dishing out 100.x.x.x addresses to whatever else is patched into it. In this case it's a pix. The pix picks up an ip from the router's dhcp. The Pix effectivly has a private dhcp address for it's outside interface (we've assigned it the same ip for all eternity) and a static 10.x.x.x inside address for the 10.x.x.x network it sits on.
Public (Router) Private (pix outside) Private (Pix inside ip and comapny's network)
We have a meshed pix to pix vpn between three sites. It all works but the router occassionaly bounces (we've gone through two) and I don't know why. I'm also a little concerned about the Outside Address of the Pix. Even though it's dished out by the Router's dhcp, is it going to be 'seen'?
If I do a show crypto isakmp on the UK Pix it shows:
dst src state pending created UK Pix France Pix QM_IDLE 0 34 UK Pix Spain Router QM_IDLE 0 4
Is this setup ok for Spain?
access-list UK permit ip 10.1.4.0 255.255.255.0 10.1.1.0 255.255.255.0 access-list NO-NAT permit ip 10.1.4.0 255.255.255.0 10.1.1.0
255.255.255.0 access-list insideout permit ip 10.1.4.0 255.255.255.0 10.1.1.0 255.255.255.0 access-list FRANCE permit ip 10.1.4.0 255.255.255.0 10.1.3.0 255.255.255.0ip address outside dhcp