Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

PIX 515 - Site to Site with agressive mode

Hi all,

I need to config a tunnel with a costumer that has an ADSL connection that changes your IP address every time he connects on internet.

How can I config the PIX Side ?? On the other side that is an SonicWall appliance.

2 REPLIES
Cisco Employee

Re: PIX 515 - Site to Site with agressive mode

You'll need a dynamic crypto map on the PIX, just like if you had VPN clients connecting in. In this scenario the SonicWall will always have to initiate the tunnel, the PIX can't be the initiator cause it doesn't know the remote IP address to send the packets to.

Sample config is here:

http://www.cisco.com/warp/public/707/29.html

A couple of modifications to teh above sample config though.

- Don't use the "sysopt ipsec pl-compatible" command, just leave it out.

- The access-list 103 will define traffic FROM the PIX inside subnet TO the SonicWall's inside subnet.

Community Member

Re: PIX 515 - Site to Site with agressive mode

Thanks,

I´ll try this config, but I think this solve my problem.

Edy.

91
Views
0
Helpful
2
Replies
CreatePlease to create content