×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

PIX 515 - Site to Site with agressive mode

Unanswered Question
Jun 3rd, 2003
User Badges:

Hi all,


I need to config a tunnel with a costumer that has an ADSL connection that changes your IP address every time he connects on internet.

How can I config the PIX Side ?? On the other side that is an SonicWall appliance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
gfullage Tue, 06/03/2003 - 17:58
User Badges:
  • Cisco Employee,

You'll need a dynamic crypto map on the PIX, just like if you had VPN clients connecting in. In this scenario the SonicWall will always have to initiate the tunnel, the PIX can't be the initiator cause it doesn't know the remote IP address to send the packets to.


Sample config is here:


http://www.cisco.com/warp/public/707/29.html


A couple of modifications to teh above sample config though.


- Don't use the "sysopt ipsec pl-compatible" command, just leave it out.

- The access-list 103 will define traffic FROM the PIX inside subnet TO the SonicWall's inside subnet.

edy-rojas Wed, 06/04/2003 - 03:33
User Badges:

Thanks,


I´ll try this config, but I think this solve my problem.


Edy.

Actions

This Discussion