Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
427
Views
0
Helpful
2
Replies

How do I configure peer-to-peer VPN over adsl using dynamic IP addresses?

sguerrero
Level 1
Level 1

‎01-22-2005 09:44 AM - edited ‎02-21-2020 01:33 PM

I have two firewalls 501 and want to set up a vpn peer-to-peer. Firewalls are working OK with their policies for security but when implementing another access-list to set the traffic which will be encrypted, when I use the PDM again to add a new rule it says that PDM will run in read mode only because does not support two access-lists.

Besides I want to confirm how I can configure the peer because I configured it with IP but this IP changes. Thanks for any help, this is a piece of my config:

PIX Version 6.3(4)

..

ip address outside pppoe setroute

ip address inside 10.0.1.1 255.255.255.0

vpdn group pppoe_group request dialout pppoe

vpdn group pppoe_group localname cisco

vpdn group pppoe_group ppp authentication pap

vpdn username cisco password xxxxx store-local

access-list inside_access_in permit tcp any any

access-group inside_access_in in interface inside

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

----

When I add the vpn config, I receive a message from PDM whenever I try to add a new rule in my access-list inside_access_in

isakmp enable outside

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 hash md5

isakmp policy 1 group 1

isakmp policy 1 lifetime 86400

isakmp key xxxxx address a.b.c.d netmask 255.255.255.255

access-list 101 permit ip host 10.0.1.0 10.0.44.0 255.255.255.0

crypto ipsec transform-set test esp-3des esp-md5-hmac

crypto map mymap 1 ipsec-isakmp

crypto map mymap 1 match address 101

crypto map mymap 1 set peer a.b.c.d

crypto map mymap 1 set transform-set test

crypto map mymap interface outside

nat (inside) 0 access-list 101

sysopt connection permit-ipsec

Any help please let me know.

Thanks,

Labels:
0 Helpful
2 Replies 2

jsivulka
Level 5
Level 5

‎01-28-2005 06:56 AM

The configuration example you are looking for is located at http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e52.shtml. HTH.

0 Helpful

sguerrero
Level 1
Level 1
In response to jsivulka

‎01-28-2005 08:49 AM

Thanks for your answer. I already configured all points and the full mesh is working now. Points a,b,c all of them working in full mesh.

0 Helpful
Customers Also Viewed These Support Documents