Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
416
Views
0
Helpful
3
Replies

Help, anyone knows how to config site-to-siteVPN w/Pix515E&LinksysBEFSX41?

rjvendiola
Level 1
Level 1

‎12-14-2006 07:26 PM

Hi Guys,

Please help, is anyone tested or knows how to configure the Pix 515E site-to-site VPN with Linksys BEFSX41? As of this time, i'm using cisco vpn client to have a vpn tunnel (running and operational) to our head office but we are planning to implement site-to-site VPN, Pix515E at Head Office and Linksys BEFSX41 on our remote branches. Thanks in advance and more power!

Labels:
0 Helpful
3 Replies 3

sachinraja
Level 9
Level 9

‎12-14-2006 10:38 PM

Hello,

Please have a look at this URL for cisco PIX configuration... the other end can be a router/linksys or any other device..

http://www.cisco.com/warp/public/110/39.html

For linksys configuration, u can probably google it....

Hope this helps.. all the best.. rate replies if found useful..

Raj

0 Helpful

rjvendiola
Level 1
Level 1
In response to sachinraja

‎12-20-2006 12:34 AM

Raj,

Thanks for your help, I'll do some experimentation on this. Also, is it possible to configure my pix515E for Site-to-Site VPN and at the same time for VPN Client-to-Site VPN?

More power!

Reden

0 Helpful

jmia
Level 7
Level 7
In response to rjvendiola

‎12-20-2006 03:38 AM

Reden

Yes you can have both, here's an example:

access-list nonat permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list nonat permit ip 10.0.0.0 255.255.255.0 172.10.10.0 255.255.255.224

access-list 100 permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list 101 permit ip 10.0.0.0 255.255.255.0 172.10.10.0 255.255.255.224

ip local pool raspool 172.10.10.1-172.10.10.30 mask 255.255.255.224

nat (inside) 0 access-list nonat

sysopt connection permit-ipsec

crypto ipsec transform-set esp-3des esp-md5-hmac

crypto dynamic-map dynmap 100 set transform-set

crypto map 1 ipsec-isakmp

crypto map 1 match address 100

crypto map 1 set peer

crypto map 1 set transform-set

crypto map 65535 ipsec-isakmp dynamic dynmap

crypto map interface outside

isakmp enable outside

isakmp key address netmask 255.255.255.255

isakmp identity address

isakmp nat-traversal

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 hash md5

isakmp policy 1 group 2

isakmp policy lifetime 86400

vpngroup address-pool raspool

vpngroup dns-server

vpngroup wins-server

vpngroup default-domain

vpngroup split-tunnel 101

vpngroup idle-time 1800

vpngroup password

NOTE - If you need access to the internet whilst connected to your internal network using the vpn client then you'll need

to use the 'split-tunnel' command, I personally don't allow this for security reasons but added this so that you know it can

be done.

Hope this helps and let me know if you have any further questions - please rate posts if it helps.

0 Helpful
Customers Also Viewed These Support Documents