Jason-

Why not just invest in a half-dozen (or however many you need) PIX 501s and be done with it? This way, you ditch the "Cheapo Router", the 2500, and the "IPSEC appliance".

If I recall correctly, the PIX 501 has PPPoE support (after all, that's the niche market it's targeting!) and it can do IPSEC with dynamic maps (I believe). And the plus side is, you get to learn hands-on some PIX stuff, if you didn't have the experience already!

BTW- PIX 501s are "Nationally Back-Ordered for 3DES 10 User Units" as of the last I heard from the distributor last week, until mid to late February. :(

Mark Odette II

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of the-other-jason
Sent: Tuesday, January 15, 2002 2:57 PM
To: [EMAIL PROTECTED]
Subject: tunneling with previously undefined endpoint? [7:32057]

Help, I can't think of a way to do this ..... :-(

We have two IPSec "appliances" at work that require known, routable addresses on their "non-secure" ethernet interfaces. We want to create a kit engineers can take home for remote IPSec access into the network from personal cable/dsl connections.

Our typical home networks have a cheapo router running NAT. The router is getting a real "outside" address from a service provider via DHCP (point "C" in the drawing). On the inside, we use private addressing (point "B").

The problem is to configure an IPSec appliance with a real address but connect it via the private address LAN at home. The obvious way to do this is with a tunnel, so we've managed to scavenge a couple of old 2500s for this purpose...

    IPSec               cheapo                                     IPSec
    appliance -->2500-->router-->ISP-->Internet-->3660-->2500-->appliance
    A B C D

Ideally, we want a tunnel from the left side of the left 2500 to either the 3660 or the right 2500 .... so that we can give the left IPSec appliance some of our address space. With GRE, however, you have to specify the endpoint addresses in advance, and of course we don't know what address the ISP will give one via DHCP ....

After some reading, I _think_ PPPoE, L2F, PPTP, and L2TP won't help us much.

Does anyone have any ideas?
Jason

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32134&t=32057

