Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1247
Views
0
Helpful
8
Replies

PIX 515e VPN Quickie

Go to solution
jmckechnie
Level 1
Level 1

‎02-17-2011 08:34 AM - edited ‎03-11-2019 12:52 PM

Hi,

We currently have a remote site connected over a site to site VPN to a PIX 515e at our head office. We also have a client to site VPN that also terminates at the same PIX on the same outside interface.

We are in the process of testing the Cisco IP communicator over a VPN. One of the remaining tasks is to assess whether it is feasible to connect to the remote site using the client to site vpn connection.

I'd be grateful for any guidance on if this possible with a 515e.

I hope this is enough info, I just want a theroretical yes or no for now.

thanks

John

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to jmckechnie

‎02-17-2011 09:23 AM

Exactly John.

That's a good example :-)

Federico.

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎02-17-2011 08:38 AM

Hi,

Sure you can connect both a remote IPsec client and a Site-to-Site connection to the same PIX outside interface.

You need a static crypto map for the Site-to-Site and a dynamic crypto map for the client(s).

The dynamic crypto map is binded to the static map which in turn is associated to the outside interface.

Hope it helps.


Federico.

0 Helpful

Go to solution
jmckechnie
Level 1
Level 1
In response to Federico Coto Fajardo

‎02-17-2011 08:45 AM

Thanks for the respsonse Federico. What i'm trying to find out is if it is possible to route between the two VPN's?

Thanks

John

0 Helpful

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to jmckechnie

‎02-17-2011 08:50 AM

John,

If you want to communicate both VPNs, then the PIX must be running at least code 7.x to be able to u-turn the traffic.

You can configure the PIX to reroute the VPN traffic back out the same interface via the other tunnel.

If the PIX is running 6.x, another option is to configure the PIX to receive the VPN traffic on the outside interface, have the PIX route that traffic to an internal router which in turn sends the traffic back to the PIX out via the other tunnel (this because of the limitation of not being able to do u-turn).

So, recommendation is to have code 7.x or higher and configure u-turn.

Federico.

0 Helpful

Go to solution
jmckechnie
Level 1
Level 1
In response to Federico Coto Fajardo

‎02-17-2011 09:15 AM

Thanks again. Thats really useful. We are on software version 7.2 so i will take your advise and look at the u-turn option.

I've found this config example.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804675ac.shtml

Is this what I should be following?

Thanks

John

0 Helpful

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to jmckechnie

‎02-17-2011 09:23 AM

Exactly John.

That's a good example :-)

Federico.

0 Helpful

Go to solution
jmckechnie
Level 1
Level 1
In response to Federico Coto Fajardo

‎02-17-2011 09:26 AM

Great, most of the config is already in place. I while do some testing!!

thanks again.

John

0 Helpful

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to jmckechnie

‎02-17-2011 09:29 AM

You should not have any problems however if something does not work along the way, just let us know :-)

Federico.

0 Helpful

Go to solution
jmckechnie
Level 1
Level 1
In response to Federico Coto Fajardo

‎02-18-2011 12:58 AM

Will do. Thanks.

John

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card