PIX and dynamic crypto map

piccololean
Level 1

Hi guys! I have a big problem... My PIX 515E has the outside interface connected to the 172.17.x.x net with IP 172.17.16.163. On the inside interface there's a private net 10.0.0.x. I configured the PIX with IPSec support for a VPN with the PC 172.17.10.50 and it works fine. Now I need to change my conf to permit every PC on the 172.17.x.x net to enter the VPN... I've tried with a dynamic crypto map but it didn't work. Can someone tell me which lines I have to modify? Here's my conf: http://utenti.lycos.it/lean79/conf.txt

Thanks to all!

1 Reply

ehirsel
Level 6

Will you be using the Cisco VPN client on the PC? Or will you be using the IPSec code that comes with the OS, or some other client?

How was your dynamic crypto map defined? If you still had the 10.50 peer defined in that map then it does not matter that the map is defined as dynamic; only that 10.50 peer can connect. Normally dynamic maps are used when you do not know the peer beforehand. You could modify the isakmp key to only be used by the 172.17.x.x subnet instead of anyone, to ensure that general internet hosts cannot try to connect to your PIX via IPSec. You still should not define the set peer in the crypto map though.

Let me know if this helps and whether or not you need more help.
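
The two points in the reply above (a leftover `set peer` line and the address scope of the isakmp key) can be checked mechanically. This is an added example, not code from either poster: a small Python audit run over two constructed PIX 6.x-style config fragments. The names `vpnmap`, `dynmap`, `vpnset` and the key are placeholders, since the poster's actual config is not on this page.

```python
import ipaddress
import re

# Constructed PIX 6.x-style configs; vpnmap, dynmap, vpnset and EXAMPLEKEY are placeholders.
STATIC_PEER = """\
crypto dynamic-map dynmap 10 set peer 172.17.10.50
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map vpnmap 20 ipsec-isakmp dynamic dynmap
crypto map vpnmap interface outside
isakmp key EXAMPLEKEY address 0.0.0.0 netmask 0.0.0.0
"""
SUBNET_SCOPED = """\
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map vpnmap 20 ipsec-isakmp dynamic dynmap
crypto map vpnmap interface outside
isakmp key EXAMPLEKEY address 172.17.0.0 netmask 255.255.0.0
"""

PEER_RE = re.compile(r"^crypto (?:dynamic-)?map \S+ \d+ set peer (\S+)", re.M)
DYN_RE = re.compile(r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)", re.M)
KEY_RE = re.compile(r"^isakmp key \S+ address (\S+) netmask (\S+)", re.M)


def audit(config, allowed="172.17.0.0/16"):
    """Return findings about which peers this config lets negotiate IPsec."""
    allowed_net = ipaddress.ip_network(allowed)
    findings = []
    # A set peer line pins the entry to one host, even inside a dynamic map.
    for peer in PEER_RE.findall(config):
        findings.append(f"set peer {peer}: only that host can use the entry")
    if not DYN_RE.search(config):
        findings.append("no dynamic map attached to a crypto map")
    # The pre-shared key should be usable only from the intended subnet.
    for addr, mask in KEY_RE.findall(config):
        scope = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if scope.prefixlen == 0:
            findings.append("isakmp key matches any address")
        elif not scope.subnet_of(allowed_net):
            findings.append(f"isakmp key scope {scope} is outside {allowed_net}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("STATIC_PEER", STATIC_PEER), ("SUBNET_SCOPED", SUBNET_SCOPED)):
        print(name, audit(cfg) or "no findings")
```
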