10-29-2010 07:05 PM
I have to configure a VPN to the corp network from a remote location without a static IP (I get a random IP at a conference).
I have a spare PIX515 and a spare 2600 router - can any of them be used as VPN client?
10-30-2010 04:20 AM
Hi,
Yes, either or can be used for the VPN termination point. I suspect you will be doing a site-to-site VPN. The only thing preventing you from creating this on either or is if the IOS does not support the VPN connectivity. Your PIX will be more likely to have an IOS with VPN features but again, either or.
PIX guide - http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/sit2site.html
Router guide (via SDM) - http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_configuration_example09186a00806ad10e.shtml
Regards
Jimmy
10-30-2010 12:29 PM
IOS supports VPN, but I think you missed the point.
I do not have a static IP, and site-to-site requires one on both ends.
I need to use it (or a couple of 2600s) as a client only.
10-30-2010 06:41 PM
Hello,
I am very sorry to inform you that the information provided in the first reply is not true. The only PIX hardware that supports HW client in an EZVPN environment is the PIX 501 and PIX 506E ONLY.
Here you can find the note that states it:
Note: The PIX 501 and PIX 506/506E are Easy VPN Remote and Easy VPN Server devices. The PIX 515/515E, PIX 525, and PIX 535 act as Easy VPN Servers only.
Hope this helps.
Mike
10-30-2010 07:14 PM
Maykol,
Thanks for the clarification, that was my initial suspicion and the reason for this question...
That said, is there any workaround for this kind of scenario?
10-30-2010 09:10 PM
Hello,
No problem. Well, not just because you don't have a static IP means that you cannot have an L2L tunnel with a dynamic crypto map. Given the case that you actually need to connect any of these devices to a VPN server at the main office, I can tell you that the PIX won't be able to, and for the 2600 series I'm not sure.
Doing some research I found that maybe in a specific version you will be able to. Please use the link below; you will be able to search for an image that will fit your router with the feature that you need. Just fill in the blanks.
http://tools.cisco.com/Support/Fusion/FusionHome.do
Hope it helps.
Mike
10-31-2010 12:05 PM
Thanks.
I'll have to find another solution...
10-31-2010 01:40 PM
What device do you have at your main site that this PIX or IOS router is going to connect to?
Try looking at this link:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801dddbb.shtml
10-31-2010 05:48 PM
The main site uses an ASA5520.
11-01-2010 02:23 AM
If you have an ASA on the main site, you should be able to use the IOS router as a "hardware" VPN client. You just create a new VPN group and allow remote extension and then configure the router as a client. This will allow L2L traffic, though the router will be the only device that can open the tunnel, and you will be able to use dynamic addresses on the router.
crypto ipsec client ezvpn test
 connect auto
 group
 mode network-extension
 peer
 username
 xauth userid mode local
!
Interface
 crypto ipsec client ezvpn test inside
!
Interface
 crypto ipsec client ezvpn test
!
Other than that you will just need a default route to the internet, and you should be good to go.
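The ASA side of the setup described in the post above (a new VPN group with network extension allowed), as an added example that is not part of the original thread. It assumes pre-8.4 ASA syntax; the names EZVPN_GP, EZVPN_TG, EZVPN_SPLIT, DYN_MAP and OUTSIDE_MAP, the 10.10.0.0/16 network, the user name and every angle-bracket value are placeholders.

```cisco
! Added example: ASA 5520 as Easy VPN server for an IOS hardware client.
! Assumes pre-8.4 syntax; all names, networks and secrets are placeholders.
!
! Corporate networks the remote router is allowed to reach through the tunnel
access-list EZVPN_SPLIT standard permit 10.10.0.0 255.255.0.0
!
! Group policy: "nem enable" is what permits network-extension mode
group-policy EZVPN_GP internal
group-policy EZVPN_GP attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value EZVPN_SPLIT
 nem enable
!
! XAUTH account the router presents (its "username" line)
username ezvpn-router password <xauth-password>
!
! Tunnel group: the name and key must match the router's "group" line
tunnel-group EZVPN_TG type remote-access
tunnel-group EZVPN_TG general-attributes
 default-group-policy EZVPN_GP
tunnel-group EZVPN_TG ipsec-attributes
 pre-shared-key <group-key>
!
! Phase 1 policy on the outside interface
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
!
! Dynamic crypto map: accepts the peer from whatever address it currently has
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto dynamic-map DYN_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYN_MAP
crypto map OUTSIDE_MAP interface outside
```

If the ASA already has a crypto map bound to the outside interface, add the dynamic entry to that existing map instead of creating a second one.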
11-01-2010 06:53 AM
Jan,
would this work on a 2600 router?