Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Hub-and-Spoke VPNs and PPPoE

We have a Hub-and-Spoke scenario: PIX 515 at the central site and PIX 501 at the home offices. The PIX 501s are connected to a DSL modem. Therefore, their ip addresses are not predictable.

We like to use isakmp authentication with pre-shared keys. Do I have to use dynamic crypto maps at the central site, or is there any other solution. Maybe someone can post a working configuration or a link to the related cisco documentation?

Thanks in advance


Cisco Employee

Re: Hub-and-Spoke VPNs and PPPoE

You'll have to use a dynamic crypto map if you want to set it up like that, here's a sample config (

What is even easier now if you're running 6.2 on the PIX's, is to use a new feature called EzVPN where the remote PIX's look very similar to VPN clients coming in. The config on the remote PIX's is very simple, just a few lines. You can set it up so that it acts just like a LAN-to-LAN tunnel where the remote PC's are still contactable from the head-end site (network-extension mode), or you can set it up so that all the PC's behind the remote PIX are invisible and the remote PIX looks just like a client coming in (client mode). Sample config is here:

CreatePlease to create content