Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
328
Views
0
Helpful
3
Replies

LAN to LAn tunnel

senthil.natarajan
Level 1
Level 1

‎03-17-2003 04:20 PM - edited ‎03-09-2019 02:33 AM

Hi all,

I have a question,

Here is the scenarion

inside------pix--------Internet router-------------DSL router-----PIX 501e---Inside

netrowok(1) netwrok(2)

IP adddress

1. inside network ( 10.x.x.x & 192.168.X.x)

2. Pix inside address- 192.168.16.16

3. Pix outside address- 12.96.38.82

4. internet router inside- 12.96.38.81

5. internet router outside - 12.119.110.22

6. Cayman DSL router( no idea of the ip address, but sure its doing natting)

7. PIX 501e outside - dhcp client - 192.168.1.4

8. pix 501e inside - 10.x.x.x

9. inside netowrks 2 (10.x.x.x and 192.168.x.x)

Can i initiate a tunnel between the 2 pix, if yes my question of concern is what ip address i can give for the ipsec-isakamp peer config on the pix 506. Can i set it to 0.0.0.0 0.0.0.0 ?

I am really confused while configuring the pix 506, becasue i am not sure what ip address my pix501e will get my DSL router(since its a dsl connection). can dynamic crypto map be used ? if i use that will my tunnel come up ?

please advice.

sen

Labels:
0 Helpful
3 Replies 3

afakhan
Level 4
Level 4

‎03-17-2003 06:45 PM

Hi,

Configure PIX-501 as the easy vpn client, and pix-506 as the Easy VPN server, but as you have RFC1918(private address) on the PIX-501 outside interface, and your DSL router is doing PAT, you will need to wait till end of this month

for V6.3 OS for PIX, as it supports IPSec/UDP.

If you are DSL router can be configured for NAT(one-to-one) for PIX-501 outside IP address (you will also need an extra IP address from your Caymen DSL side), then you can follow this link to implement it.

http://www.cisco.com/warp/public/110/dynamicpix.html

Thanks,

Afaq

0 Helpful

senthil.natarajan
Level 1
Level 1
In response to afakhan

‎03-17-2003 06:51 PM

Can you please point me some documentation on ezvpn server and client. Because i am not familier with that configuration.

Thanks

senthil

0 Helpful

afakhan
Level 4
Level 4
In response to senthil.natarajan

‎03-18-2003 12:06 AM

Hi,

You can use easy vpn when you have 6.3 sw on the PIXes, or if you configure static NAT on the DSL router.

To configure PIX-501 as Easy vpn client, see following config:

http://www.cisco.com/warp/public/110/pix-ios-easyvpn.html

Easy vpn server configuration(on the other pix) is just like you configure pix to accept vpn remote access configuration.

Thanks

Afaq

0 Helpful
Customers Also Viewed These Support Documents