cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1310
Views
0
Helpful
10
Replies

can PIX515 serve as VPN client?

ofir
Level 1
Level 1

have to configure vpn to corp network from a remote location without static IP (get a random IP in a conference)

I have a spare PIX515 and a spare 2600 router - can any of them be used as VPN client?

1 Accepted Solution

Accepted Solutions

Hello,

I am very sorry to inform you that the information provided in the first reply is not true. The only Pix Hardware that support HW client in a EZVpn environment are the Pix 501 and Pix 506e ONLY.

Here you can find the note that states it

Note: The PIX 501 and PIX 506/506E are Easy VPN Remote and Easy VPN Server           devices. The PIX 515/515E, PIX 525, and PIX 535 act as Easy VPN Servers only.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094cf8.shtml

Hope this Helps.

Mike

Mike

View solution in original post

10 Replies 10

James Hardman
Level 1
Level 1

Hi,

Yes either or can be used for the VPN termination point.  I suspect yuo will be doing a site-to-site VPN.  The only thing preventing you from creating this on either or is if the IOS does not support the VPN connectivity.  Your PIX will be more likely to have an IOS with VPN features but again, either or.

PIX guide - http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/sit2site.html

Router guide (via SDM) - http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_configuration_example09186a00806ad10e.shtml

Regards

Jimmy

IOS support VPN but I think you missed the point

I do not have a static IP and site-to-site require one on both ends

I need to use it (or a couple of 2600s) as client only

Hello,

I am very sorry to inform you that the information provided in the first reply is not true. The only Pix Hardware that support HW client in a EZVpn environment are the Pix 501 and Pix 506e ONLY.

Here you can find the note that states it

Note: The PIX 501 and PIX 506/506E are Easy VPN Remote and Easy VPN Server           devices. The PIX 515/515E, PIX 525, and PIX 535 act as Easy VPN Servers only.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094cf8.shtml

Hope this Helps.

Mike

Mike

Maykol,

thanks for the clarification, that was my initial suspicious and reason for this question...

saying that, is there any work around for this kind of scenario?

Hello,

No problem, well, not just because you dont have an static IP means that you cannot have a L2L tunnel with a Dynamic crypto map. Given the case that you actually need to connect any of these devices to a VPN server at the main office, I can tell you that the Pix wont be able, and the 2600 series Im not sure.

Doing some research I found that maybe in an specific version you will be able to. Please use this link below, you will be able to search an Image that will fit your router with the feature that you need. Just fill up the blanks.

http://tools.cisco.com/Support/Fusion/FusionHome.do

Hope it helps.

Mike

Mike

thanks.

I'll have to find anothr solution...

What device do you have at your main site that this pix or ios router is going to connect to ?

Try looking at this link :

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801dddbb.shtml

main site uses ASA5520

If you have asa on the mainsite, you should be able to use the ios router as a "hardware" vpn client. You just create a new vpn group and allow remote extension and then configure the router as a client. This will allow L2L traffic, though the router will be the only device that can open the tunnel, and you will be able to use dynamic addresses on the router.

crypto ipsec client ezvpn test
connect auto
group key
mode network-extension
peer
username password
xauth userid mode local
!

Interface

crypto ipsec client ezvpn test inside
!

Interface

  crypto ipsec client ezvpn test
!

Other than that you will just need a default route to the internet, and you should be good to go.

jan,

this would work on a 2600 router?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: