PIX-to-PIX VPN config help needed

chrisloggins
Level 1

What am I missing? The configuration is between two LANs, with a pix515 serving the host, and a pix506 at the remote. The pix515 config still has some garbage from the last company that configured it (being removed now). I'm sure it's something simple, but for some reason I don't see what I'm missing... When I 'ping 10.1.18.x' (or anything else to 10.1.18.x) from the host site, there is no response.

6 Replies

jmia
Level 7

Chris,

Take a look at this document for configuration example on site-to-site IPSec VPN:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml

Hope this helps, and if it does, please rate the post, as others might find it useful.

Thanks, and let me know if you need any further help.

Jay

I read that article, and referenced it in configuring the remote site. The only real difference was using 'ip address dhcp outside'. I didn't think that would make a difference, and still no luck.

Here's some more info:

Home -

10.1.17.0 (includes dhcp server inside at 10.1.17.11) -> pix515 -> cablemodem -> (internet)

Remote -

10.1.18.0 (pix506) -> cablemodem -> (internet)

Again, thanks for the help.

Chris,

OK, I was in a hurry earlier, so you have one side with dynamic IP and the other with static IP - correct? If so, look at the configuration details from this document:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a0080094680.shtml

Let me know if this helps and please rate post as it might help others too.

Thanks -

Jay

Both sides are dynamic IP. The IPs rarely change, and it is possible we will have a static IP in the near future.

PIXen require that one side be static. I am not aware of any Cisco device that allows both sides to be dynamic. The dynamic side needs to know where the other side is - hence it must be static.

The IPs of the two sites rarely change (once in the past six months). The VPN was functional at some point in the past (prior to the last IP change). My thinking was to config the units as if the IPs were static, and worry about updating the config if/when the IPs changed (assuming static IPs aren't purchased in the interim).