Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

setting up a client for VPN access when his IP changes constantly

Hello

I need to set up VPN access for my manager.

I had already done this once before; I simply set him up with site to site VPN against our PIX and his Linksys at home...easy, peasy, Japaneesy...

but now that is problematic; he has to reset his Cable Modem each night because it hangs....so he draws a new DHCP each time... this makes it fundamentally challenging for me to keep up with his new address and change it on our PIX for the VPN and then on our edge router for Edge filtering...

How can I do this??? I need a way for the PIX to ship a config to him or something..... Does he need to buy a hardware router at home...perhaps 501???

K

  • Other Security Subjects
5 REPLIES
Gold

Re: setting up a client for VPN access when his IP changes const

your manager doesn't need any extra hardware. one way is to configure remote vpn access instead of lan-lan vpn. then your manager needs to install cisco vpn client onto his/her laptop/pc at home.

below is a sample config:

access-list 101 permit ip 10.1.1.0 255.255.255.0

access-list 120 permit ip 10.1.1.0 255.255.255.0

ip local pool ippool 10.1.1.11-10.1.1.20

nat (inside) 0 access-list 101

sysopt connection permit-ipsec

crypto ipsec transform-set superset esp-3des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set superset

crypto map myvpn 10 ipsec-isakmp dynamic dynmap

crypto map myvpn vpn client configuration address initiate

crypto map myvpn client configuration address respond

crypto map myvpn client authentication LOCAL

isakmp identity address

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup vpnclient address-pool ippool

vpngroup vpnclient split-tunnel 110

vpngroup vpnclient idle-time 1800

vpngroup vpnclient password ********

username password

New Member

Re: setting up a client for VPN access when his IP changes const

Thanks for your help. This is what we did; just had to modify the ip range a bit.

Have a nice day

Gold

Re: setting up a client for VPN access when his IP changes const

you're welcome. let us know how you go.

according to cisco,

Why should I rate posts?

If you see a post that you think deserves recognition, please take a moment to rate it.

You'll be helping yourself and others to quickly identify useful content -- as determined by members. And you'll be ensuring that people who generously share their expertise are properly acknowledged. As posts are rated, the value of those ratings are accumulated as "points" and summarized on the Member Profile page and on each member's Preferences page.

Gold

Re: setting up a client for VPN access when his IP changes const

just wondering how you go.

Hall of Fame Super Red

Re: setting up a client for VPN access when his IP changes const

Hi Jack ... I totally agree with what yor reference is here. I have been reading these Forum's for awhile now (mostly IP Telephony) and have noticed a general lack of courtesy. There are many NetPros like yourself who take time out of their day to try and help others, and who are not being Thanked or even rated for their efforts.Those of us who use these forums should be sure to acknowledge others who give up their time to help us!! Before I discovered these forums I was drifting alone in the giant Cisco ocean. Now I am learning and garnering insight thanks to people like you.Keep on Rockin!!

Thanks again!! Rob

"May your heart always be joyful And may your song always be sung May you stay forever young " - Dylan
106
Views
5
Helpful
5
Replies
This widget could not be displayed.