Solved: Can site-to-site VPN with just 1 static IP in PIX?

teru-lei · ‎06-17-2003

Hi All,

Can I use to pix for VPN with just 1 static IP as follow:

LAN-A------PIX1-------INTERNET---------PIX2-------LAN-B

Just PIX1 has static IP, PIX2 use DHCP from ISP. I have config this type of VPN with another brand equipment. But use PIX, I just have config VPN with both ends have static IP and I can not find information in the web site. Because when config site-to-site VPN, I should use "set peer"command.

Can anybody tell me how can I do it with PIX? Thank You!

Best Regards

Teru Lei

gfullage · ‎06-19-2003

You jsut need to configure a dynamic crypto map on PIX 1, and a standard crypto map with a "set peer" on PIX 2. Here's a sample config:

http://www.cisco.com/warp/public/110/dynamicpix.html

Note that this also has VPN clients connecting into PIX 1 (Lion), so just forget about all the "vpngroup" commands you see in its configuration cause they're not needed for your scenario.

View solution in original post

gfullage · ‎06-19-2003

You jsut need to configure a dynamic crypto map on PIX 1, and a standard crypto map with a "set peer" on PIX 2. Here's a sample config:

http://www.cisco.com/warp/public/110/dynamicpix.html

Note that this also has VPN clients connecting into PIX 1 (Lion), so just forget about all the "vpngroup" commands you see in its configuration cause they're not needed for your scenario.

teru-lei · ‎06-19-2003

Thank You very much!

Best Regards

Teru Lei