Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can site-to-site VPN with just 1 static IP in PIX?

Hi All,

Can I use to pix for VPN with just 1 static IP as follow:

LAN-A------PIX1-------INTERNET---------PIX2-------LAN-B

Just PIX1 has static IP, PIX2 use DHCP from ISP. I have config this type of VPN with another brand equipment. But use PIX, I just have config VPN with both ends have static IP and I can not find information in the web site. Because when config site-to-site VPN, I should use "set peer"command.

Can anybody tell me how can I do it with PIX? Thank You!

Best Regards

Teru Lei

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Can site-to-site VPN with just 1 static IP in PIX?

You jsut need to configure a dynamic crypto map on PIX 1, and a standard crypto map with a "set peer" on PIX 2. Here's a sample config:

http://www.cisco.com/warp/public/110/dynamicpix.html

Note that this also has VPN clients connecting into PIX 1 (Lion), so just forget about all the "vpngroup" commands you see in its configuration cause they're not needed for your scenario.

2 REPLIES
Cisco Employee

Re: Can site-to-site VPN with just 1 static IP in PIX?

You jsut need to configure a dynamic crypto map on PIX 1, and a standard crypto map with a "set peer" on PIX 2. Here's a sample config:

http://www.cisco.com/warp/public/110/dynamicpix.html

Note that this also has VPN clients connecting into PIX 1 (Lion), so just forget about all the "vpngroup" commands you see in its configuration cause they're not needed for your scenario.

New Member

Re: Can site-to-site VPN with just 1 static IP in PIX?

Thank You very much!

Best Regards

Teru Lei

194
Views
0
Helpful
2
Replies
CreatePlease login to create content