Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN considerations

We currently have a small VPN setup for a few remote users. They use Cisco VPN Client S/W ver 4.01 and the head end here is a PIX 501. The PIX also terminates one site2site VPN.

We are looking to increase the number of remote users beyond the capability of our little 501. We would like to utilise our PIX 515E as the VPN head end as it can support many more tunnels and has a VAC card to offload cryptographic functions.

We are also interested in PIX ver 7.0 capabilities such as native integration with Microsoft Active Directory (currently we use TACACS+ as an intermediary) and stateful VPN failover.

The current setup uses a different vpngroup for each remote user and dynamic crypto maps. A different vpngroup is used as it references an access-list specific to that user's requirements using the split-tunnel option.


1) Is there a guide to setting up Cisco VPN Clients on a PIX ver 7.0 head end (we are currently running 6.3)?

2) Is our current setup (multiple vpngroups and dynamic crypto maps) the best way to permit VPN clients to connect (manageability/security etc)?

3) How secure is the vpngroup password on each client. Where is it stored, does it need to be secured?

Many thanks in advance


Re: VPN considerations


do find the link which talks about configuring RAVPN with 7.0 also it has enough samples discussed on different scenarios..


CreatePlease login to create content