05-03-2010 11:05 PM - edited 03-04-2019 08:21 AM
Hi,
I need config help for a site-to-site VPN: head office with a PIX 515 with a static public IP, and two branch offices with dynamic public IPs. The branch offices are equipped with 877 routers.
Appreciate the help.
05-03-2010 11:20 PM
Hi,
Check out the link below for configuration examples for site-to-site VPN:
http://www.cisco.com/en/US/docs/security/pix/pix62/configuration/guide/sit2site.pdf
Hope to Help !!
Ganesh.H
Remember to rate the helpful post
05-04-2010 12:37 AM
Thank you Ganesh.
I am looking for sample config with PIX/ASA at one end and router at other end.
Router would have dynamic ip address.
05-04-2010 01:30 AM
check this:
or use wizard from GUI
05-04-2010 02:47 AM
Hi,
To add another VPN site on the PIX/ASA, do I need to replicate the same steps, or is some tweak needed?
05-04-2010 02:55 AM
If you are trying to establish a VPN tunnel from a dynamic peer, you do not need to configure anything else on the PIX once you have configured 1 dynamic map. Once you have 1 dynamic site connected, the second dynamic site should connect too if the phase 1 and phase 2 policies match between the PIX and the dynamic peer end.
One thing that you need to configure is the NAT exemption ACL for the second dynamic peer LAN.
05-04-2010 03:07 AM
Hi halijenn,
Can you help me find the documented steps on the Cisco website for more than one dynamic site connected to a PIX/ASA?
I checked but no luck so far.
05-04-2010 03:17 AM
Here is a sample configuration with 1 dynamic peer and a VPN client on the PIX:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml
Just assume that the VPN client is the second dynamic peer, because essentially a VPN client is also a dynamic peer. If you check the NAT exemption statement, the second ACL line would be towards the IP pool subnet assigned to the VPN client, so just assume that the second ACL line is towards your second dynamic peer LAN subnet.
Unfortunately there is no sample configuration with 2 dynamic LAN-to-LAN peers; however, the concept is the same as in the above sample config.
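The head-office side described in the replies above, written out as an added example; it is not taken from any post in this thread or from the linked Cisco document. It assumes PIX/ASA 7.2 to 8.2 command syntax, and every subnet, object name and the key placeholder is constructed for illustration.

```cisco
! Constructed addressing (assumption): HQ LAN 10.1.0.0/24,
! branch 1 LAN 10.2.0.0/24, branch 2 LAN 10.3.0.0/24.

! NAT exemption: one ACL line per branch LAN. This is the only
! per-branch addition needed on the PIX when a second dynamic site joins.
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Phase 1 policy: must match the policy configured on each 877.
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

! Phase 2 proposal: must match the transform set on each 877.
crypto ipsec transform-set BRANCH-TS esp-aes-256 esp-sha-hmac

! A single dynamic map entry serves every dynamic peer; no peer
! address is set because the branch public IPs are not known in advance.
crypto dynamic-map BRANCH-DYN 10 set transform-set BRANCH-TS
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic BRANCH-DYN
crypto map OUTSIDE-MAP interface outside

! LAN-to-LAN peers with no tunnel-group of their own (here, every
! dynamic branch) land in DefaultL2LGroup, so all of them share this
! key. <PRE-SHARED-KEY> is a placeholder, not a real value.
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <PRE-SHARED-KEY>
```

Because both branches authenticate with the same DefaultL2LGroup key, use a long random value and rotate it on the PIX and both routers together. After a branch connects, `show crypto isakmp sa` and `show crypto ipsec sa` on the PIX confirm that a security association exists for that branch's LAN.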