
Configuring Dynamic ip on a Pix

killroy
Level 1

Hi

I have a problem!?!?

As a third party I was given a username and password to the ISP for a dynamic ip for a connection to internet. The device connected to the dynamic ip will be a pix 501.

Since I'm new to VPNs, my question is:

How do I configure the pix 501 to be connected to one 2611 and one 1710 and vice versa?

Both 2611 and 1710 have fixed IPs concerning the dynamic ip in the pix 501.

Will be grateful for some good advice

5 Replies

jackko
Level 7

configure the pix as an ezvpn client, with the 2611 and 1710 as ezvpn servers. one catch is that the vpn can only be established by a user behind the pix.

if a full mesh vpn is required, you can still configure lan-lan vpn between the routers as normal. a router can act as both ezvpn server and normal ipsec peer at the same time.

http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_configuration_example09186a00800ab518.shtml

Hi jackko

I need lan to lan vpn. full mesh between pix, 2611 and 1710 with a dynamic address on the pix.

Can't open the link. Maybe I don't have enough cisco points to access the link. ;-)

with a lan-lan vpn you'll need a static ip. it can be dynamic but it has to be a static.

the pix will be assigned an ip every time it boots up; the lan-lan vpn will work as long as the assigned ip stays the same.

The ISP for the 501 runs pppoe with dynamic ip address username and pwd.

The ISP for the 1710 runs static ip address.

Our 2611 uses static ip.

And if it's a better solution we can connect the 501 to a 3005.

What's giving me the "chill" is the dynamic ip.

How would the conf look in the 501 and the 1700 and 2611/3005?

Given up hope on lan to lan on the pix.

please read the attached; it is the sample provided by cisco at the url posted before. it shows the bit with the 501 and 1700/2611 with ezvpn.

below is a sample for 1700/2611 lan-lan vpn

aaa new-model
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxx address no-xauth
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
 set peer
 set transform-set myset
 match address 121
interface Ethernet0
 ip nat inside
interface Dialer0
 ip access-group 111 in
 crypto map mymap
ip nat inside source route-map nonat interface Dialer0 overload
access-list 101 deny ip
access-list 101 permit ip any
access-list 111 permit ip
access-list 121 permit ip
route-map nonat permit 10
 match ip address 101
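
An added example, not part of the original thread or of Cisco's sample: a small Python check that parses an IOS-style config like the one posted above and flags legacy crypto choices (3DES, MD5 HMAC, DH groups 1/2/5), a wildcard pre-shared key, and a crypto map entry whose `set peer` has no address. The function name `audit_ios_crypto`, the rule list, and the embedded sample config (constructed, with documentation-range addresses) are assumptions for illustration.

```python
import re

# Constructed sample in the style of the config posted above. Addresses are
# documentation-range placeholders, not values from the thread; "set peer" is
# left without an address on purpose to exercise that check.
SAMPLE = """\
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxx address 192.0.2.1 no-xauth
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
 set peer
 set transform-set myset
 match address 121
access-list 121 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
"""

# (required parent-section prefix, regex on the line, finding).
# The rule set is an assumption of this example, not a complete policy.
RULES = [
    ("crypto isakmp policy", r"^encr(yption)? (des|3des)$", "ISAKMP policy uses legacy cipher"),
    ("crypto isakmp policy", r"^hash md5$", "ISAKMP policy uses MD5"),
    ("crypto isakmp policy", r"^group [125]$", "ISAKMP policy uses weak DH group"),
    ("crypto ipsec transform-set", r"\besp-(des|3des)\b", "transform-set uses legacy cipher"),
    ("crypto ipsec transform-set", r"\besp-md5-hmac\b", "transform-set uses MD5 HMAC"),
    ("crypto isakmp key", r" address 0\.0\.0\.0\b", "wildcard pre-shared key"),
    ("crypto map", r"^set peer$", "crypto map entry has no peer address"),
]

def audit_ios_crypto(config: str):
    """Return (line_no, parent_section, finding) for every rule that matches."""
    findings, parent = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank lines and IOS comment/separator lines
        if not raw[0].isspace():
            parent = line  # unindented line opens a new top-level section
        for prefix, pattern, finding in RULES:
            if parent.startswith(prefix) and re.search(pattern, line):
                findings.append((no, parent, finding))
    return findings

if __name__ == "__main__":
    for no, parent, finding in audit_ios_crypto(SAMPLE):
        print(f"line {no} [{parent}]: {finding}")
```

The check relies on sub-commands being indented under their parent line, as IOS prints them in `show running-config`.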
