Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

pix to pix vpn


i have setup a vpn bet 2 pix where the dynamic pix is initiating the vpn to the static pix (one way). Now the customer wants the vpn to be bidirectional where both locations could initiate the vpn connections.

if i will have a fix ip on the other end which is the dynamic pix, is bidirectional vpn possible?



Re: pix to pix vpn

Bi-directional VPN is possible but you need fixed (static) IP on both ends (PIX 1 and PIX 2), as you correctly pointed out, with static to dynamic setup only the dynamic side can initiate the VPN tunnel as the static side will not know the dynamic side IP.

Hope this helps and please rate post if it helps.


New Member

Re: pix to pix vpn

How Can I create Bi-directional VPN ?


Re: pix to pix vpn

below are the sample codes for configuring a lan-lan vpn:

access-list 101 permit ip

access-list 121 permit ip

ip address outside

ip address inside

global (outside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 0 0

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map myvpn 10 ipsec-isakmp

crypto map myvpn 10 match address 121

crypto map myvpn 10 set peer

crypto map myvpn 10 set transform-set myset

crypto map myvpn interface outside

isakmp enable outside

isakmp key cisco123 address netmask no-xauth no-config-mode

isakmp identity address

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

CreatePlease login to create content