Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

configuring LAN to LAN on 3005 to establish tunnel with 0.0.0.0 (unknown)

Is there a way to establish a LAN-to-LAN tunnel with a device that is acquiring a dynamic outside address.

Scenerio:

827or501<-(DSLgetdynamicIP)->ISP<-------WWW--------->3000Concentrator

-An 827 router or PIX 501 at a remote office with only 3 users

-A 3005 concentrator at our main office (has a static Global IP on E0)

-the remote office device (827 or 501) connects the LAN to the Internet via DSL and acquires it's outside address via DHCP

-the VPN peer configured on the remote office device would be the outside interface of the 3000 concentrator at our main site

-the LAN-2-LAN peer configured on the 3000 will be 0.0.0.0

is it possible for a concentrator to establish a LAN-2-LAN with an unknown peer LAN, as long as the preshared keys match? I know this is a potential security risk, but is this setup possible?

-any help greatly appreciated-

3 REPLIES
e.l
Community Member

Re: configuring LAN to LAN on 3005 to establish tunnel with 0.0.

The above is possible.

Just configure the VPN3000 to accept a remote hardware client VPN connection from PIX501/827 and use "network extension mode". The following is sample configuration:

http://www.cisco.com/warp/public/471/pix501506_vpn3k.html

HTH

Cisco Employee

Re: configuring LAN to LAN on 3005 to establish tunnel with 0.0.

LAN-2-LAN tunnel from a VPN 3000 to IKE peer 0.0.0.0 cannot be configured.

Nelson

Cisco Employee

Re: configuring LAN to LAN on 3005 to establish tunnel with 0.0.

This is the sample configuration you have to follow:

http://www.cisco.com/warp/public/471/vpn3k_iosdhcp.html

Regards,

101
Views
0
Helpful
3
Replies
CreatePlease to create content