Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Hub-and-Spoke VPNs and PPPoE

Unanswered Question
Sep 4th, 2002
User Badges:

We have a Hub-and-Spoke scenario: PIX 515 at the central site and PIX 501 at the home offices. The PIX 501s are connected to a DSL modem. Therefore, their ip addresses are not predictable.

We like to use isakmp authentication with pre-shared keys. Do I have to use dynamic crypto maps at the central site, or is there any other solution. Maybe someone can post a working configuration or a link to the related cisco documentation?

Thanks in advance


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
gfullage Wed, 09/04/2002 - 18:36
User Badges:
  • Cisco Employee,

You'll have to use a dynamic crypto map if you want to set it up like that, here's a sample config (http://www.cisco.com/warp/public/110/dynamicpix.html).

What is even easier now if you're running 6.2 on the PIX's, is to use a new feature called EzVPN where the remote PIX's look very similar to VPN clients coming in. The config on the remote PIX's is very simple, just a few lines. You can set it up so that it acts just like a LAN-to-LAN tunnel where the remote PC's are still contactable from the head-end site (network-extension mode), or you can set it up so that all the PC's behind the remote PIX are invisible and the remote PIX looks just like a client coming in (client mode). Sample config is here: http://www.cisco.com/warp/public/110/pix-ios-easyvpn.html


This Discussion