I've got some 506 firewalls running 6.3.1 code that I want to connect through my 3000 concentrator running 3.5.5 code. The 506 firewalls either have a dynamically assigned public address or a private address that is translated to a public address via a NAT pool I have no control over (shared office facilities). I have set this up in the past using all PIX firewalls and dynamic crypto maps, but can't figure out how to configure a LAN-to-LAN connection on the 3000 without entering a peer address. Will this configuration work?
Hi, it can be done and here is a doc that might help you. It involves a router but the 3000 confg will work with the PIX.....Make sure that when you make changes to the base group that you are not inheriting those changes to your existing 3000 groups.......
Hi, it can be done and here is a doc that might help you. It involves a router but the 3000 confg will work with the PIX.....Make sure that when you make changes to the base group that you are not inheriting those changes to your existing 3000 groups.......
Thanks, that did it. The magic command was "isakmp identity address". I tried to look it up in the command reference, but couldn't find any information on the "address" option. Can you point in the right direction?
