Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Site-to-site vpns w/roaving users

I was wondering, if you have two PIX515e's configured with a site-to-site IPsec tunnel, can you also have the following configured:

* Another site that has a broadband connection that does NOT have a static IP (DHCP provided by the ISP)

* Roaving user with laptop; again, DHCP client

We are running the PIXOS 6.3-3, and are runninng into some problems in our lab. I haven't found any docs, so I was hoping the community could possibly help.



New Member

Re: Site-to-site vpns w/roaving users

You can have the broadband site connect to the PIX using EasyVPN, however, note that you may have some routing/connectivity issue due to the PIX ASA engine. I would suggest moving to a IOS based VPN instead, unless you have a pure hub-spoke VPN infrastructure and you don't mind not having spoke to spoke connectivity.

New Member

Re: Site-to-site vpns w/roaving users

Yes, it will be a complete hub-and-spoke VPN infrastructure. The remote sites only need to get access to data from the hub network. There are no services in the spoke networks.

What routing/connectivity issues are you referring to? Also, do you happen to know of any document from Cisco that outlines how to do this?