cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
359
Views
5
Helpful
5
Replies

Pix 501 VPN and dynamic outside address.

charles_hood
Level 1
Level 1

I am using a PIX 501 6.3 on a dynamic BellSouth DSL circuit, also I want to setup VPN access fron the outside.Is there a way to configure the PIX to respond to a request from outside after the IP address was changed by the ISP?

5 Replies 5

mostiguy
Level 6
Level 6

Get a static ip. Currently the pix does not have any dynamic dns client functionality AFAIK, and that is somewhat hackish compared to the reliability of a static ip

Mosti,

does this mean it is impossible to set up VPNs on a DHCPed outside interface?

Marc

Marc,

Nope, not impossible at all. The PIX does not care what the IP address is that is assigned to the IPSec interface. The problem is that your VPN clients will most likely not know the outside IP address of the PIX if it is constantly changing. Practically, this becomes a nightmare to scale and support. If you have a DHCP address on your PIX that doesn't change too much, and only a few clients, you should be fine. I personally use a PIX 501 in a cable enviro at my house and VPN in from time to time. Hope this helps.

Scott

Scott,

Thanks. I will have only 3 remote access VPN connections and one site to site(I think), so management wont be too bad(I think) because the DHCP gods are on my side, I have only changed my IP once when moving to my PIX 515.

On another note, have you any experience with the L2TP/IPSec client that is built into Mac OS X(10.3) and connecting (VPN) to a PIX?

Thanks.

Marc

Scott,

This is encouraging news, one question though. If I am resolving the IP address with a dynamic address service i.e (dyndns.org) and use the name "rscs.dyndns.org" in the address field in the client settings, will the client connect or does it require the actual IP Address to make the connection?

Also I am setting the DSL circuit up in this configuration.

First I set the router/modem into a bridged mode, second I configure the PIX 501 in a PPPoE setup managing the username and the password for the connection. Is this correct or is there another way to configure this that is more reliable?

Thanks,

Chuck

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: