I have a general question regarding IPSec capabilities. Currently I am using a Cisco 1710 with FW features to implement a couple of IPSec tunnels to remote sites.
The following is a part of this configuration:
!---------------
crypto map test local-address Loopback0
crypto map test 1 ipsec-manual
 set peer 10.145.100.1
 set session-key inbound esp 1050 authenticator 0123456789ABCDEF0123456789ABCDEF
 set session-key outbound esp 1051 authenticator 0123456789ABCDEF0123456789ABCDEF
 set transform-set testTRANS
 match address 100
!----------------
Now suppose I want to replace it with a PIX firewall and want to keep the existing configuration. What I forgot to mention is that the 1710 router belongs to my internal LAN, has private addresses on both interfaces, and can only be accessed for IPSec through the public loopback address. Can the PIX do the same? Can I assign a (public) loopback address to it and use it for IPSec?
From my experience up to now with the PIX, I know that such an approach is not feasible and I would need to apply public IP addresses to the external interface of the PIX (and my router gateway as well!!! ...meaning a redesign).
Please let me know. I know other firewalls support such an approach.