Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Easiest way to connect IOS router to PIX with IPSec

I need to connect several dozen IOS routers to my PIX using IPSec. I was thinking about doing it manually until I saw several references to Cisco Easy VPN. This looks like it could be an attractive option to editing a bunch of config files. However, I can't seem to find any technical documents on the setup of EzVPN. All I seem to find is sales literature. Is EzVPN the way to go here? If so, can somebody point me to some good tech docs on this technology?



Cisco Employee

Re: Easiest way to connect IOS router to PIX with IPSec

Here's the EzVPN Phase 2 documentation. Note you'll need to be running 12.2(8)YJ on the routers to use this feature.

Here's a sample config for configuring it on the router (, although this is a Phase 1 EzVPN setup and it's to a VPN3000 concentrator. Just ignore all the VPN3000 stuff and look at the router config, and Phase 2 introduced a "connect auto" command that'll automatically re-connect the tunnel after a timeout, rather than you have to wait for traffic from the remote site, which is good for management purposes.

The PIX side of the configuration is just a standard VPN client configuration, since the EzVPN client looks like a standard client connection:

Note that the group name and password in the PIX config and the group name and password used in IOS obviously have to match.

Community Member

Re: Easiest way to connect IOS router to PIX with IPSec

Thanks for the great links!


CreatePlease to create content