yes I due that type of network monthly for small bussinesses. I'll usually put a 506 at the central office and a 501 at the remote sites.
there isn't any point of the routers at either end to NAT, let the FWs do the NATing for everything. scott ""Lo Ching"" wrote in message news:[EMAIL PROTECTED] > Hi All, > > I have one remote location that need connecting to HQ. The internet service > provider can provide me a broadband line to access internet but only with 1 > fixed IP. > > My target is provide connectivity between remote site and HQ with security. > > Can I add a FW/VPN box behind the router like the following? > > remote LAN---FW/VPN---Router--Internet--HQ router---FW/VPN box--Server > > My concern is that the remote site router will NAT-enable so the FW/VPN > behind it will have private address as well. I heard that there are some > issue on IPSec VPN behind the NAT-enable router. Is it ture? > > Also, if no FW/VPN box installed in remote-site, any security concern? > > FR or leased line of course is alternative approach but it is expensive and > slower in speed. > > Thanks in advance. > > rgds, > Lo Ching Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65261&t=65239 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
