In our network all of our addresses are public per the policy of our ISP, (the state of washington). In order to use a pix for the inner firewall I had to incorporate a cisco hack to exclude all addresses from NATing. This was done with a standard access list following cisco instructions.
Now I want to deploy VPNs on the pix using a microsoft radius server and microsoft certificates with cisco easy VPN clients. I haven't found instructions for this combination yet.
When I ran the cisco wizard to configure the pix as a VPN server it errored out. The dump shows the wizard tried to add an extended ACE to the standard ACL I created to avoid NATing and this was refused. Can I change the standard ACL recommended by cisco to an extended ACL without breaking the NAT exclusion function? Also, I'm not sure how to set up the client and pix to use certificates. I don't know what certificates to use and couldn't find information from cisco.
I would appreciate any information to help deploy these VPNs.
April 5, 2005 12:20 PM
April 6, 2005 12:23 PM