Site to Site VPN

melwin.uk
Level 1

Hi

Need config help for site to site VPN. Head office with a PIX 515 with static public IP and two branch offices with dynamic public IPs. Branch offices are equipped with 877 routers.

Appreciate help



Ganesh Hariharan
VIP Alumni

Hi,

Check out the below links on configuration examples for site to site vpn

http://www.cisco.com/en/US/docs/security/pix/pix62/configuration/guide/sit2site.pdf

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Thank you Ganesh.

I am looking for sample config with PIX/ASA at one end and router at other end.

Router would have dynamic ip address.

Hi,

To add another VPN site on PIX/ASA, do I need to replicate the same steps, or is some tweak needed?

If you are trying to establish a VPN tunnel from a dynamic peer, you do not need to configure anything else on the PIX once you have configured 1 dynamic map. Once you have 1 dynamic site connected, the second dynamic site should connect too if phase 1 and phase 2 policies match between the PIX and the dynamic peer end.

1 thing that you need to configure is the NAT exemption ACL for the second dynamic peer LAN.

Hi halijenn

Can you help to find the documented steps on the Cisco website for more than one dynamic site connected to PIX/ASA?

I checked but no luck so far.

Here is a sample configuration with 1 dynamic peer and vpn client on PIX:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml

Just assume that vpn client is the second dynamic peer because essentially vpn client is also a dynamic peer. If you check the NAT exemption statement, the second ACL line would be towards the ip pool subnet assigned to the vpn client, so just assume that the second ACL line is towards your second dynamic peer LAN subnet.

Unfortunately there is no sample configuration with 2 dynamic lan-to-lan peers, however, the concept is the same on the above sample config.
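The two points made in the replies above (one dynamic map serves every dynamic peer, and the NAT exemption ACL needs one line per branch LAN), shown as an added example that is not part of the original thread or of Cisco's sample configuration. It assumes PIX/ASA 7.2-style syntax; the subnets, the names `nonat`, `BRANCH-SET`, `BRANCH-DYN` and `OUTSIDE-MAP`, and the key placeholder are all constructed for illustration.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   head office LAN 192.168.1.0/24
!   branch 1 LAN    10.1.1.0/24
!   branch 2 LAN    10.2.2.0/24
!
! NAT exemption: one ACL line per branch LAN behind a dynamic peer
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list nonat
!
! Phase 2 proposal; the 877 routers must offer a matching transform set
crypto ipsec transform-set BRANCH-SET esp-aes-256 esp-sha-hmac
!
! A single dynamic map entry accepts tunnels from any peer whose
! public IP is not known in advance, so it covers both branches
crypto dynamic-map BRANCH-DYN 10 set transform-set BRANCH-SET
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic BRANCH-DYN
crypto map OUTSIDE-MAP interface outside
!
! Phase 1 policy; must match the ISAKMP policy on the branch routers
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
!
! LAN-to-LAN peers with unknown addresses fall into the default L2L group
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <PLACEHOLDER-KEY>
```

Because both branches land in `DefaultL2LGroup`, they share one pre-shared key, so a key exposed at one branch affects the other and a rotation has to be done on the PIX and both routers together.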
