Cisco Support Community

New Member

PIX firewall/IOS firewall VPN in a dynamic environment

Hi,

I have a situation where I have to add peers to my crypto map as and when there are new customers for our VPN service. When I try to edit my crypto map entries to add the new peer, the rest of the established tunnels are torn down. Looks like these devices remove the crypto map from the interface and apply it again when we edit it. Since we have a dynamic environment where we need to create new IPsec peers every now and then (through the same interface), what is the suggested solution to avoid downtime?

2 REPLIES
New Member

Re: PIX firewall/IOS firewall VPN in a dynamic environment

You may try to configure a dynamic crypto map, one that does not know the IP addresses of its peers in advance, and leave authentication to a RADIUS server. That way, you only need to add one user to the RADIUS server to enable a new peer to interact with you via VPN.

Hope to help,
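
A sketch of the setup suggested in the reply above, added here as an illustration and not posted by any participant in the thread. It assumes an IOS router and that "authentication to a RADIUS server" is done with IKE Xauth; every name, address, ACL number and key is a constructed placeholder.

```cisco
! Constructed example: all names, addresses and keys are placeholders.
aaa new-model
aaa authentication login VPN-XAUTH group radius
radius-server host 192.0.2.10 key <radius-shared-secret>
!
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 2
!
! Existing fixed-address peer: exempt it from Xauth so it keeps negotiating
! with its pre-shared key alone once Xauth is enabled on the map.
crypto isakmp key <peer-psk> address 198.51.100.1 no-xauth
!
! Wildcard key for peers whose address is not known in advance. Anyone who
! holds this key can reach the Xauth prompt, so the RADIUS account is the
! per-customer control, not the key.
crypto isakmp key <group-psk> address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set TS-AES esp-aes esp-sha-hmac
!
! Dynamic template: no "set peer" line, so no per-customer edits to the map.
crypto dynamic-map DYN-CUSTOMERS 10
 set transform-set TS-AES
!
! Send Xauth credentials to the RADIUS method list defined above.
crypto map VPNMAP client authentication list VPN-XAUTH
!
! Static entries keep their low sequence numbers.
crypto map VPNMAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS-AES
 match address 110
!
! The dynamic entry goes last (highest sequence number) so static entries
! are evaluated first.
crypto map VPNMAP 65535 ipsec-isakmp dynamic DYN-CUSTOMERS
!
interface FastEthernet0/0
 crypto map VPNMAP
```

A dynamic crypto map entry only accepts tunnels that the remote side initiates; the router cannot bring such a tunnel up itself. Disabling a customer's RADIUS account blocks new logins but does not rotate the shared wildcard key.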

New Member

Re: PIX firewall/IOS firewall VPN in a dynamic environment

This is a good idea! Thanks.
