Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Pix to Pix VPN using DHCP (DSL) Ip address

Status
Not open for further replies.
karlvg

karlvg

IS-IT--Management
May 21, 2002
24
US
I have just successfully setup a PIX to PIX VPN using a static IP address on each outside interface. The VPN is IPSec 3Des. The Pixs are a 515 (Work) and a 501 (Home).
Is it possible to for the VPN to work using a DHCP address for the outside interface that is assigned from my DSL ISP?
If so, how do I do this?
Thank you,
Karl
 
Sort by date Sort by votes
HI.

It is possible but depends if the DSL will pass ip protocols like ESP.

You can try the new feature "Easy VPN remote". This requires pix version 6.2x at the remote side (home), but the office pix can have older ver 6.xx

The office pix will be configured to support VPN clients (same configuration as for "real" cisco software vpn clients), and the remote pix will be configured with "Easy VPN remote" using the new PDM or command line.

Again, dynamic IP should be fine, but if the DSL device is also doing PAT or is allowing only TCP and UDP then it will probably fail.

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Thank you for your reply.
So what you are saying is that I have to reconfigure the home PIX 501 using easy VPN? I see, the home PIX will act as a client VPN (like the 3.x client) to PIX VPN instead of a PIX to PIX VPN.
Then I would have to reconfigure the office PIX to except VPN clients?
With this setup, is the Cisco 3.x client able to connect to the work PIX?
Also, how is bandwidth handled? Is there any way to give certain connections more bandwidth than others?
Thank you for all of your help.
 
Upvote 0 Downvote
HI.

Yes, you have described it correctly, but it can work only if the pix 501 is not behind PAT.
Yes, Cisco 3.x vpn clients will also be able to connect with the same credentials.

Pix does not have any bandwidth management features.
This can only be done with another device.

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
820
Johnkite
Johnkite
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
696
XLNTech1
XLNTech1
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
860
intel233
intel233
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
365
gkittelson
gkittelson

Part and Inventory Search

Sponsor

Back
Top