Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Need to creating a Secure and Isolated VPN using PIX and Cisco Routers


I have attached two diagram, one depicting current VPN configuration for an isolted segment of our network and the other is what we want change the current setup with.

I have not done any VPN or GRE tunnel over a point-to-point T1 involving Cisco PIX and routers. I would apprciate if someone could assist me on what I need to do as far as the type of the VPN and how to attempt doing/implementing the VPN given the devices involved.

Currently there are two VPN policies with isakamp statement in the PIX configurations. I want to change the way traffic are being sent to our emote location by ending these VPN connections over the Internet and back to our network in the remote location while we do have a backdoor to that remote location via a point to point T1.

Thanks very much in advance.



Re: Need to creating a Secure and Isolated VPN using PIX and Cis

Hello masood,

Actually you can use both these circuits on a failover mode... I mean , u can use the backdoor circuit (T1) as the primary link over IPSEC.. if this link goes down, u can get the traffic via internet through IPSEC... By doing this, the traffic is both secure and highly available.. You will have the same policies (IPSEC & ISAKMP) set for both these connections. The only change u will have to do is to add a second peer (internet peer) with the existing config..

set peer x.x.x.x (intranet)

set peer y.y.y.y (internet)

on the crypto map statement..

when u do this, the router/pix first checks up with x.x.x.x for IPSEC connectivity.. if this is unreachable, it tries connecting to y.y.y.y

Hope this helps. all the best. rate replies if found useful..


New Member

Re: Need to creating a Secure and Isolated VPN using PIX and Cis

Hi Raj,

thanks for geting back to me. so I don't have to make a VPN connection between the first PIX and gateway Internal router and again between th etweo routers at both end of the T1 and then to the pIX at the other end, correct?

can you please tell me more about the solution you are offering as far as where to apply th econfig given the picture on the proposed path, the new one. These statements are goping to be at which end?

if between the two PIXs at both ends then what will happen to th edevices in between?

Please elborate as i have not done this before.



New Member

Re: Need to creating a Secure and Isolated VPN using PIX and Cis


I don't have a config for the new proposed setup. I have drawn that diag to say that this is how I want to do it. I don't know how to go about and configure this ptoposed setup.



CreatePlease to create content