jmckechnie
Beginner

PIX 515e VPN Quickie

Hi,

We currently have a remote site connected over a site to site VPN to a PIX 515e at our head office. We also have a client to site VPN that also terminates at the same PIX on the same outside interface.

We are in the process of testing the Cisco IP communicator over a VPN. One of the remaining tasks is to assess whether it is feasible to connect to the remote site using the client to site vpn connection.

I'd be grateful for any guidance on whether this is possible with a 515e.

I hope this is enough info, I just want a theoretical yes or no for now.

thanks

John

Hi,

Sure you can connect both a remote IPsec client and a Site-to-Site connection to the same PIX outside interface.

You need a static crypto map for the Site-to-Site and a dynamic crypto map for the client(s).

The dynamic crypto map is bound to the static map which in turn is associated to the outside interface.

Hope it helps.


Federico.

Thanks for the response Federico. What I'm trying to find out is if it is possible to route between the two VPNs?

Thanks

John

John,

If you want to communicate both VPNs, then the PIX must be running at least code 7.x to be able to u-turn the traffic.

You can configure the PIX to reroute the VPN traffic back out the same interface via the other tunnel.

If the PIX is running 6.x, another option is to configure the PIX to receive the VPN traffic on the outside interface, have the PIX route that traffic to an internal router which in turn sends the traffic back to the PIX out via the other tunnel (this is because of the limitation of not being able to do u-turn).

So, recommendation is to have code 7.x or higher and configure u-turn.

Federico.
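
The u-turn setup described in this reply, sketched as an added PIX 7.x configuration fragment (not posted by anyone in the thread and not taken from the linked Cisco document). All names and addresses are constructed placeholders; it assumes the ISAKMP policy, tunnel-groups and client group-policy already exist and that no NAT is applied to traffic between the client pool and the remote LAN.

```cisco
! Constructed placeholder addressing:
!   head office LAN   10.1.0.0/24
!   remote site LAN   10.2.0.0/24   (peer 203.0.113.2)
!   VPN client pool   10.9.0.0/24

! Allow traffic to enter and leave the same interface (the u-turn).
same-security-traffic permit intra-interface

ip local pool VPNPOOL 10.9.0.1-10.9.0.254 mask 255.255.255.0

! Site-to-site crypto ACL: head office LAN plus the client pool,
! so client traffic is also encrypted toward the remote site.
access-list L2L_REMOTE extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list L2L_REMOTE extended permit ip 10.9.0.0 255.255.255.0 10.2.0.0 255.255.255.0

crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac

! Dynamic map for the remote-access clients.
crypto dynamic-map DYN_CLIENTS 10 set transform-set ESP-AES-SHA

! Static map entry for the site-to-site tunnel.
crypto map OUTSIDE_MAP 10 match address L2L_REMOTE
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA

! Bind the dynamic map to the static map at the lowest priority,
! then apply the static map to the outside interface.
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYN_CLIENTS
crypto map OUTSIDE_MAP interface outside
```

The remote peer needs the mirror-image crypto ACL entry (10.2.0.0/24 to 10.9.0.0/24), and if the clients use split tunneling, the remote LAN must be in their split-tunnel list; otherwise the client traffic never enters either tunnel.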

Thanks again. That's really useful. We are on software version 7.2 so I will take your advice and look at the u-turn option.

I've found this config example.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804675ac.shtml

Is this what I should be following?

Thanks

John

Exactly John.

That's a good example :-)

Federico.

Great, most of the config is already in place. I will do some testing!!

thanks again.

John

You should not have any problems; however, if something does not work along the way, just let us know :-)

Federico.

Will do. Thanks.

John
