Router to PIX VPN when router has dynamic WAN address?

ccolumbus
Level 1

Is it possible to set up a router-to-PIX VPN when the router is obtaining a dynamic WAN interface address (in this case ISDN dial-up)?

If so, has anyone done this? How do you define the peer when you don't know the peer address? Is it possible to allow any host to create a tunnel provided that the pre-shared key is known?

3 Replies

fmadar
Level 1

I didn't do it with a PIX and a router, but I did it with 2 routers. All you have to do is define the router in the PIX configuration as a remote access device using the wildcard 0.0.0.0, i.e. (crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0).

The answer to the second question is yes, it is possible.

You say yes it's possible, but can it be bi-directional? Wouldn't it only work if the PIX with the dynamic address initiated the tunnel?

It is not bi-directional if you mean that anyone can start the VPN.

Only the device with the dynamic IP address can initiate the VPN, because the other one has no knowledge of the peer IP address where to start the VPN. If you need to start the tunnel from any point, what you can do is put permanent data (keepalives, routing updates, etc.) on the VPN once you establish the tunnel for the first time. This way you will force the tunnel to be always up, and if the ISP changes your IP address this permanent data should bring up the tunnel again. Hope this helps.
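Added example, not part of the original thread: a wildcard pre-shared key like the one in the first reply accepts any source address that knows the key, so it is worth being able to find such lines when reviewing configurations. The sketch below classifies ISAKMP key lines by peer scope; the function names and the sample configuration are constructed for illustration, and the PIX 6.x form (`isakmp key ... address ... netmask ...`) is included as an assumption alongside the IOS form quoted in the reply.

```python
import ipaddress
import re

# IOS form from the reply:  crypto isakmp key K address A [M]
# PIX 6.x form (assumed):   isakmp key K address A netmask M
KEY_LINE = re.compile(
    r"^\s*(?:crypto\s+)?isakmp\s+key\s+(?:[06]\s+)?(?P<key>\S+)\s+"
    r"address\s+(?P<addr>\S+)"
    r"(?:\s+(?:netmask\s+)?(?P<mask>\d{1,3}(?:\.\d{1,3}){3}))?",
    re.IGNORECASE,
)

# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
! constructed sample
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
crypto isakmp key Examp1eKey address 192.0.2.10
isakmp key cisco123 address 0.0.0.0 netmask 0.0.0.0
isakmp key Examp1eKey address 198.51.100.0 netmask 255.255.255.0
"""

def peer_scope(addr, mask):
    """Network of peers the key applies to; no mask means a single host."""
    return ipaddress.ip_network(f"{addr}/{mask or '255.255.255.255'}", strict=False)

def audit_psk_lines(config_text):
    """Return one finding per ISAKMP key line. The key itself is never echoed."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = KEY_LINE.match(line)
        if not m:
            continue
        try:
            net = peer_scope(m["addr"], m["mask"])
        except ValueError:
            continue  # malformed address or mask: not classified here
        if net.prefixlen == 0:
            scope = "wildcard"  # any source address may offer this key
        elif net.prefixlen == 32:
            scope = "host"
        else:
            scope = "subnet"
        findings.append({"line": lineno, "scope": scope, "peers": str(net)})
    return findings

if __name__ == "__main__":
    for f in audit_psk_lines(SAMPLE_CONFIG):
        print(f"line {f['line']}: {f['scope']:8} key valid for {f['peers']}")
```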
