Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Easiest way to connect IOS router to PIX with IPSec

I need to connect several dozen IOS routers to my PIX using IPSec. I was thinking about doing it manually until I saw several references to Cisco Easy VPN. This looks like it could be an attractive option to editing a bunch of config files. However, I can't seem to find any technical documents on the setup of EzVPN. All I seem to find is sales literature. Is EzVPN the way to go here? If so, can somebody point me to some good tech docs on this technology?

Thanks,

Diego

2 REPLIES
Cisco Employee

Re: Easiest way to connect IOS router to PIX with IPSec

Here's the EzVPN Phase 2 documentation. Note you'll need to be running 12.2(8)YJ on the routers to use this feature. http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122y/122yj/ftezvp2.htm

Here's a sample config for configuring it on the router (http://www.cisco.com/warp/public/471/vpn_ios_ezvpn.html), although this is a Phase 1 EzVPN setup and it's to a VPN3000 concentrator. Just ignore all the VPN3000 stuff and look at the router config, and Phase 2 introduced a "connect auto" command that'll automatically re-connect the tunnel after a timeout, rather than you have to wait for traffic from the remote site, which is good for management purposes.

The PIX side of the configuration is just a standard VPN client configuration, since the EzVPN client looks like a standard client connection: http://www.cisco.com/warp/public/110/pix3000.html

Note that the group name and password in the PIX config and the group name and password used in IOS obviously have to match.

Community Member

Re: Easiest way to connect IOS router to PIX with IPSec

Thanks for the great links!

Diego

123
Views
0
Helpful
2
Replies
CreatePlease to create content