03-04-2007 06:23 PM - edited 02-21-2020 02:54 PM
I have a PIX515 at the main office and 2 remote locations that have static IP address connected via DSL each using a linksys RVO82 to connect to the PIX515. Now I have an another site with dynamic IP. Do I use the same crypto and isakmp commands using isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 no-xauth no-config-mode? I have attached the pix setup for the other VPN connetions
Thanks
03-04-2007 07:22 PM
Hi,
Yes, you use the same ISAKMP policies and the Crypto Map. All you need to make sure that the remote site with dynamic IP is configured for the same ISAKMP (phase 1) and IPSEC transform set (phase 2) policies and ofcourse the pre shared key has to match.
HTH,
Please rate if it helps,
Regards,
Kamal
03-11-2007 05:19 PM
Thanks, the problem I am having now is I added access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
and access-list 110 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
When I enter the crypto map command I get an error crypto map mymap incomplete. I reloaded the PIX and just added isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 no-xauth no-config-mode. With this I am able to get the tunnel connected. How do I get the crypto map to take or since I have the connection up do I need to enter them in?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: