I have a shiny new Pix 501/10 user/3des. I have a remote site with a dsl connection that has a dynamic ip address from the ISP. I want to do a site to site ipsec 3des ike preshared keys tunnel to connect to my Concentrator 3015. I have the Cisco sample config for this scenario with static ip's at each end. When setting up my Lan-to-Lan in the concentrator, what do I specify for my IKE peer?
Can this tunnel even work with one end being dynamic? This is the one piece of info I've been scouring for and not finding.
Yes, you can. Where you have the dsl connection I supouse you should use PPPoE and in the other end you must tell the concentrator that you will be receiving a remote access connection. This sets up the concentrator to recreive any peer IP address. You won't be able to start the tunnel from the static connection, always from the dinamyc.
I opened a tac and got a good sample config from one of the techs. This worked great and I did use the information from both of those documents as well to get this working. The config for the pix 501 is much simpler than that of the bigger pix's used in those sample configs.
The incorrect assumption I was making is that this would be a Lan-to-Lan connection. However, this situation is treated like a vpn client only there is no address assignment that happens.
Now I'm in the process of getting my routing issues straightened out.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :