Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Hub-and-Spoke VPNs and PPPoE

We have a Hub-and-Spoke scenario: PIX 515 at the central site and PIX 501 at the home offices. The PIX 501s are connected to a DSL modem. Therefore, their ip addresses are not predictable.

We like to use isakmp authentication with pre-shared keys. Do I have to use dynamic crypto maps at the central site, or is there any other solution. Maybe someone can post a working configuration or a link to the related cisco documentation?

Thanks in advance

Edgar

1 REPLY
Cisco Employee

Re: Hub-and-Spoke VPNs and PPPoE

You'll have to use a dynamic crypto map if you want to set it up like that, here's a sample config (http://www.cisco.com/warp/public/110/dynamicpix.html).

What is even easier now if you're running 6.2 on the PIX's, is to use a new feature called EzVPN where the remote PIX's look very similar to VPN clients coming in. The config on the remote PIX's is very simple, just a few lines. You can set it up so that it acts just like a LAN-to-LAN tunnel where the remote PC's are still contactable from the head-end site (network-extension mode), or you can set it up so that all the PC's behind the remote PIX are invisible and the remote PIX looks just like a client coming in (client mode). Sample config is here: http://www.cisco.com/warp/public/110/pix-ios-easyvpn.html

94
Views
0
Helpful
1
Replies
CreatePlease to create content