TCC_2

Core issue

Dynamic maps are used on the PIX Firewall when the IP address of an incoming client connection is not known. Clients can use any global IP address from any location to connect to the PIX. Cisco VPN clients and EZVPN users are considered dynamic clients.

Resolution

To configure a dynamic map on PIX 7.x, perform these steps:

  1. Define the transform set to be used during IPSec security association (SA) negotiation. Specify Data Encryption Standard (DES), Triple DES (3DES) or Advanced Encryption Standard (AES) as the encryption algorithm:

    crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac

  2. Create a dynamic crypto map entry and add it to a static crypto map:

    crypto dynamic-map map2 10 set transform-set trmset1

    crypto map map1 10 ipsec-isakmp dynamic map2

  3. Bind the crypto map to the outside interface:

    crypto map map1 interface outside

For additional information on dynamic maps, refer to PIX-to-PIX (Version 7.x and Later) Dynamic-to-Static IPsec with NAT and VPN Client Configuration Example.
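
The three steps above form a chain of references (transform set, dynamic map, static crypto map, interface), and a break anywhere in it leaves the dynamic map unused. The following check over a saved configuration is an added example, not Cisco's code; `audit_dynamic_map`, `SAMPLE_CONFIG` and `WEAK_TRANSFORMS` are hypothetical names, and the sample text is constructed from the commands on this page.

```python
# Constructed sample: the commands from steps 1-3 as one configuration excerpt.
SAMPLE_CONFIG = """\
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
crypto dynamic-map map2 10 set transform-set trmset1
crypto map map1 10 ipsec-isakmp dynamic map2
crypto map map1 interface outside
"""

# Assumption of this example: single DES and null encryption are reported as weak.
WEAK_TRANSFORMS = {"esp-des", "esp-null"}

def audit_dynamic_map(config):
    """Return a list of findings; an empty list means the chain is complete."""
    transform_sets, dyn_refs, static_refs, bound = {}, {}, {}, set()
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["crypto", "ipsec", "transform-set"] and len(tok) >= 5:
            transform_sets[tok[3]] = tok[4:]            # set name -> transforms
        elif tok[:2] == ["crypto", "dynamic-map"] and tok[4:6] == ["set", "transform-set"]:
            dyn_refs.setdefault(tok[2], []).extend(tok[6:])
        elif tok[:2] == ["crypto", "map"] and tok[4:6] == ["ipsec-isakmp", "dynamic"] and len(tok) >= 7:
            static_refs.setdefault(tok[2], []).append(tok[6])
        elif tok[:2] == ["crypto", "map"] and len(tok) == 5 and tok[3] == "interface":
            bound.add(tok[2])                           # static map bound to an interface
    findings = []
    for name, transforms in transform_sets.items():
        for t in sorted(WEAK_TRANSFORMS.intersection(transforms)):
            findings.append(f"transform-set {name} uses weak transform {t}")
    for dmap, sets in dyn_refs.items():
        for ts in sets:
            if ts not in transform_sets:
                findings.append(f"dynamic-map {dmap} references undefined transform-set {ts}")
        if not any(dmap in refs for refs in static_refs.values()):
            findings.append(f"dynamic-map {dmap} is not attached to any static crypto map")
    for smap, dmaps in static_refs.items():
        for dmap in dmaps:
            if dmap not in dyn_refs:
                findings.append(f"crypto map {smap} references dynamic-map {dmap}, which sets no transform-set")
        if smap not in bound:
            findings.append(f"crypto map {smap} is not bound to an interface")
    return findings

if __name__ == "__main__":
    for finding in audit_dynamic_map(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```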
