Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1379
Views
0
Helpful
4
Replies

Site to Site Pix 501 Dynamic IP

pgagnon
Level 1
Level 1

‎03-03-2002 08:43 PM - edited ‎02-20-2020 09:59 PM

I have a shiny new Pix 501/10 user/3des. I have a remote site with a dsl connection that has a dynamic ip address from the ISP. I want to do a site to site ipsec 3des ike preshared keys tunnel to connect to my Concentrator 3015. I have the Cisco sample config for this scenario with static ip's at each end. When setting up my Lan-to-Lan in the concentrator, what do I specify for my IKE peer?

Can this tunnel even work with one end being dynamic? This is the one piece of info I've been scouring for and not finding.

0 Helpful
4 Replies 4

fmadar
Level 1
Level 1

‎03-04-2002 04:56 AM

Yes, you can. Where you have the dsl connection I supouse you should use PPPoE and in the other end you must tell the concentrator that you will be receiving a remote access connection. This sets up the concentrator to recreive any peer IP address. You won't be able to start the tunnel from the static connection, always from the dinamyc.

Regards

0 Helpful

eheston
Level 1
Level 1

‎03-07-2002 07:18 PM

I have implemented this configuration successfully for a few clients. This document should help:

Configuring PIX to PIX Dynamic-to-Static IPSec with NAT and Cisco VPN Client

http://www.cisco.com/warp/customer/110/dynamicpix.html

0 Helpful

cjacinto
Cisco Employee
Cisco Employee

‎03-09-2002 10:36 PM

This could be done, see:

http://www.cisco.com/warp/customer/471/vpn3k_iosdhcp.html

On the above it is an ios, but you could modify it for the PIX, and take note of the concentrator config.

0 Helpful

paul.gagnon
Level 1
Level 1
In response to cjacinto

‎03-14-2002 12:28 PM

I opened a tac and got a good sample config from one of the techs. This worked great and I did use the information from both of those documents as well to get this working. The config for the pix 501 is much simpler than that of the bigger pix's used in those sample configs.

The incorrect assumption I was making is that this would be a Lan-to-Lan connection. However, this situation is treated like a vpn client only there is no address assignment that happens.

Now I'm in the process of getting my routing issues straightened out.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card