Site to Site VPN with 2 PIX and DSL

rickycancio · ‎11-27-2005

Hi. I am wondering if it is possible to connect 2 PIX that are connected to the Internet by DSL Modems to create a Site to Site VPN.

Private--Pix--DSL--Internet--DSL--Pix--Private

The DSL Modems each have a static public ip address assigned by the ISP (64.xx.xx.xx).

Is this possible? What would I put in

isakmp key xxxxx address command?? What would I put in the

crypto ipsec policy zz set peer command??

Thanks in advance!

jackko · ‎11-27-2005

static nat, and inbound acls need to be configured for pix outside interface on the dsl modem. further, it may not be feasible providing each site has only one public ip. the reason being that lan-lan vpn requires esp (i.e. ip 50), which is unlikely to be supported by port forwarding on dsl modem.

i would suggest you configure both dsl modem into bridging mode, and configure the static public ip directly on the pix outside interface. it would be less complicated to implement and manage.

arumugasamy · ‎11-27-2005

Mr.Jackko,

Could you provide the cmds for the static nat and inbound acl to be configured on dsl modem.

Also what is the commands needs to be used on PIX fw.

Thanks

Arumugasamy