cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
253
Views
5
Helpful
3
Replies

VPN 3005 to various sites

I have a VPN 3005 at central site and different sites connecting via Pix and routers at branch site. They all get Public IP Addresses dynamically. Now they are working since I have configured a Base Group password. But I want to give each site different password. Is this possible.

3 Replies 3

gfullage
Cisco Employee
Cisco Employee

If you don't kno the remote sites IP address, then the only way is to define them with the Default Pre-Shared Key defined under the base group parameters as shown here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00800ae459.shtml

You can't unfortunately give each remote site a different password, sorry.

Thanks for the response. That means Groups can be configured only for VPN 3002 and software clients ?. For PIX and Routers do we need to configure them only either base groups or if we know the IP under LAN-TO-LAN section. What I wanted to do was filter the different sites (dynamic IPs) to be allowed to access only a specific portion of the Lan. Do you think this is possible.

Sorry for the delay in responding.

You can set the remote routers and PIX's up as EzVPN clients, so in effect they simulate a 3002/software client. This works much the same way as a L2L tunnel connectivity wise, but will allow you to push parameters to the routers/PIXs based on different concentrator groups.

Do a search for EzVPN or EasyVPN and there'll be a bunch of stuff on it. You'll need 12.2(13)T or higher on the router.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: