Cisco Support Community
Community Member

vpnsm and cisco vpn client


i am going to configure a cisco cat 6500 vpnsm to connect to some office in other country.from the remote office side the connection is:internet gw router-check Q is:

-can we use cisco vpn client on the remote side,if not,can the checkPoint be used as a peer?

Cisco Employee

Re: vpnsm and cisco vpn client


Option 1

VPN Client - Yes, you can use vpn client from the remote office and terminate the IPSEC connection on the VPNSM.

Things that need to be considered are:

1. How many users from the remote site

2. Is the connection going to initiated always from the remote site

3. What about managing the VPN Clients on the remote users laptop/desktop

4. Are you going to do External Authentication for the users, if so are you using Radius or TACACS+.

VPNSM Configuration Guide

Option 2:

IPSEC LAN to LAN Connection - Yes, you could do an Lan to Lan connection and this should be pretty straightforward.

Things that need to be considered are:

1. Is the remote site LAN IP Address Range the same as yours.

2. Are you going to use Pre-Shared Key or Certificates.

3. What about routing of the remote IP Range in your Routing Domain.

Sample Configurations:

IPSec LAN-to-LAN Tunnel Between a Catalyst 6500 with the VPN Service Module and a PIX Firewall Configuration Example

Configuring an IPSec Tunnel - Cisco Secure PIX Firewall to Checkpoint 4.1 Firewall

I hope the above info helps.



Community Member

Re: vpnsm and cisco vpn client

thanks Arul

to give you some idea on the connection:

-cisco vpn client is going to be used on the remote side

-there will be about 5 users on the remote side

-the connection is going to be initiated from the remote side

-i would like to manage the vpn clients from the server (vpnsm) side

-i am going to use local athentication for the users

with these requirements,pls give me a configuration example



Community Member

Re: vpnsm and cisco vpn client

hello Arul

i have configured the VPNSM (with dynamic client mapping) but when i configure the crypto map entry at the inside vlan interface,i.e.,

crypto map rtpdyn

it gives me the error

ERROR:Crypto Map with tag "rtpdyn" does not exist

but i have configured the crypto map rtpdyn and i can see it from sh run.what do you think is the problem ?

CreatePlease to create content