Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX and IPSec.

I have a general question regarding IP Sec capabilities. Currently I am using a Cisco 1710 with FW features to implement a couple of IPSec tunnels to remote sites.

Followed is a part of this configuration:


crypto map test local-address Loopback0

crypto map test 1 ipsec-manual

set peer

set session-key inbound esp 1050 authenticator 0123456789ABCDEF0123456789ABCDEF

set session-key outbound esp 1051 authenticator 0123456789ABCDEF0123456789ABCDEF

set transform-set testTRANS

match address 100


Now suppose I want to replase with a PIX firewall and want to keep existing configuration. What I forget to mention is that the 1710 router belongs to my internal LAN has private addresses on both interfaces and can only be accressed for IPSEC through public loopback address. Can PIX do the same? Can I assign a loopback address (public) to it and use it for IPSec?

From my experience up to know with PIX I know that such approach is not feasible and I would need to apply public IP addesses to the external interface of the PIX (and my Router Gateway as well!!!..meaning redesign)

Please let me know. I know other firewalls support such approach.

Cisco Employee

Re: PIX and IPSec.

Nope, you can't assign a loopback address to the PIX. You'd have to assign the loopback IP address to the outside of the PIX and terminate the tunnel on that. The PIX does support manual IPSec keying so you'll be able to still use that (although IKE is much more secure).