Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
726
Views
0
Helpful
5
Replies

pix 501 vpn in passive mode

kevin.felts
Level 1
Level 1

‎08-03-2005 01:30 PM - edited ‎02-21-2020 01:53 PM

I need to set up a site to site vpn, but the 501 has to be in a passive mode. It can NOT iniate the vpn. Everyone I talk to says it can not be done. Well, the device is in passive with software vpn clients, why can that not apply to a site to site?? Main site has a T1 501 is on dsl with pppoe.

Labels:
0 Helpful
5 Replies 5

maraz
Level 1
Level 1

‎08-05-2005 01:44 AM

Hello,

Well, you could use the 501 as an Easy VPN client in "client mode" not network extension mode. The tunnel will not be established as long there is no "interesting" trafik. What do you mean by passive mode? Do you still want users to authenticate before going to central site? Then you must complement with IUA = individual user authentication. Also you can enable SUA = secure unit authentication.

If this does not help then please clarify what you are trying to accomplish.

Best Regards

Robert Maras

0 Helpful

kevin.felts
Level 1
Level 1
In response to maraz

‎08-05-2005 04:56 AM

I need the 501 to be "waiting" for a device to connect to it to form a site to site vpn. The other gateway to a Linksys RV042.

0 Helpful

maraz
Level 1
Level 1
In response to kevin.felts

‎08-05-2005 05:35 AM

Hello,

Sorry, but you must be more specific about how you want the whole scenario to be. I can not guess what you are trying to do.

Best Regards

Robert Maras

0 Helpful

kevin.felts
Level 1
Level 1
In response to maraz

‎08-05-2005 06:00 AM

The goal is to create a site to site vpn, that stays connected, with a split tunnel. So users can log into a windows domain from the remote sites via vpn, share printers across vpn, but all web traffic does not cross the vpn. The 501 can NOT iniate the connection, that has to be done from the home office. Two remote offices with pix 501's and home office with Linksys rv042. Once the tunnel is up, it stays connected. One person I spoke with said the 501 has to be able to iniate the connection if that network needs resoures from the main office. It can not work that way, once connected it stays connected, if the vpn is lost, the 501 waits for the main office to reconnect.

0 Helpful

maraz
Level 1
Level 1
In response to kevin.felts

‎08-07-2005 10:55 PM

Hello,

Then Easy VPN-client with NE network extension mode should do it for you. Since you are doing split-tunnel on the PIX you need the "vpnclient ne-st-autoconnect". Your tunnel will always be up and resources on the home office will be able to reach the remote-office without them initiating the connection.

Best Regards

Robert Maras

0 Helpful
Customers Also Viewed These Support Documents