VPN connection using dynamic IP

servnj · ‎03-04-2007

I have a PIX515 at the main office and 2 remote locations that have static IP address connected via DSL each using a linksys RVO82 to connect to the PIX515. Now I have an another site with dynamic IP. Do I use the same crypto and isakmp commands using isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 no-xauth no-config-mode? I have attached the pix setup for the other VPN connetions

Thanks

Kamal Malhotra · ‎03-04-2007

Hi,

Yes, you use the same ISAKMP policies and the Crypto Map. All you need to make sure that the remote site with dynamic IP is configured for the same ISAKMP (phase 1) and IPSEC transform set (phase 2) policies and ofcourse the pre shared key has to match.

HTH,

Please rate if it helps,

Regards,

Kamal

servnj · ‎03-11-2007

Thanks, the problem I am having now is I added access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0

and access-list 110 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0

When I enter the crypto map command I get an error crypto map mymap incomplete. I reloaded the PIX and just added isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 no-xauth no-config-mode. With this I am able to get the tunnel connected. How do I get the crypto map to take or since I have the connection up do I need to enter them in?