05-21-2012 07:20 AM
I have a Pix 525 that remote users will be dialing into via EasyVPN.
In this scenario, I only have one interface to use, the outside interface, as the inside interface has been set up as a management interface.
Basically I need to be able to authenticate my EasyVPN users via radius, through a VPN connection to a customer site. The problem I have is that I don't seem to be able to assign a source IP to the radius request, or even assign another IP to the PIX for the encryption domain (e.g., through a subinterface or vlan, etc).
The end result would be that the radius request needs to come from the same device that is terminating the VPN which provides access to the radius server.
Is this even possible? I would prefer to do it on the 525, and may be able to assign a real, routable address to the inside interface, but then how would I determine which IP the radius request comes from (required for it to be a part of the encryption domain)? I was thinking it might be possible with a scenario like this http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094469.shtml, but then that example has different subnets on the different interfaces, which my current environment does not.
If not on this Pix, is there a make/model that would be able to perform the task of terminating remote-access VPNs, a site-to-site VPN, and passing radius through that site-to-site all on the same interface (with different IPs)?