09-05-2003 02:17 AM - edited 03-09-2019 04:40 AM
Hello,
I configured a dynamical VPN connection to another company and it works pretty well.
But if another person wants to connect at the same time from another PC over the same dynamic connection - the connection to our company breaks down.
So only one person at one time can be connected to us.
The other company uses the VPN Client 4.0 on an XP Home PC's and I configured an object group on our pix 6.3.1.
Here is my configuration:
name 10.0.0.20 as400_is
ip local pool dyn-vpn-lok-as400 10.3.1.1-10.3.1.9
crypto ipsec transform-set high-des esp-3des esp-sha-hmac
crypto dynamic-map dyn-vpn 10 set transform-set high-des
crypto map VPN 20 ipsec-isakmp dynamic dyn-vpn
isakmp key **** address 0.0.0.0 netmask 0.0.0.0
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 1800
isakmp client configuration address-pool local dyn-vpn-lok-as400 outside
vpngroup lokomo address-pool dyn-vpn-lok-as400
vpngroup lokomo idle-time 1800
vpngroup lokomo password ********
object-group network dyn-lok
network-object host 10.3.1.1
network-object host 10.3.1.2
network-object host 10.3.1.3
network-object host 10.3.1.4
network-object host 10.3.1.5
network-object host 10.3.1.6
network-object host 10.3.1.7
network-object host 10.3.1.8
network-object host 10.3.1.9
access-list lokomotion permit ip object-group dyn-lok host as400_is
access-list no_nat permit ip host as400_is object-group dyn-lok
Thank you for help
Kind regards
M. Koenig
09-11-2003 11:12 AM
I could not quiet understand what you meant by "connect over the same dynamic connection". If you are looking for a setup where the PIX is configured for Dynamic-to-Static IPSec (Site-to-Site) while parallely capable of accepting client connections, please see the configuration at http://www.cisco.com/warp/public/110/dynamicpix.html.
09-12-2003 04:26 AM
Hello,
thank you for your reply and hint.
It is mostly the thing I need. The only difference is
that I will use routers with dhcp assignet adresses.
M. König
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: