Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN configuration

Hi All,

I have pix 506e deployed in a Site.the outside interface of pix is connected to adsl isp router and IP is dynamic.Inside intreface have static IP.And DHCP server is in my local network.I want to deploy vpn for remote client.Remote client should get authenticated and get ip address from local DHCP server and can access resources.But this remote hosts also has dynamic ip addresses when they are connected to internet.how can i make it.

need expert advice.

thanks in advance.

  • Remote Access
4 REPLIES
Bronze

Re: VPN configuration

Hi,

First of all, you need to have a static IP address for the adsl interface in order for the remote clients can access the enterprise using the VPN.

Second, where you want to make the VPN server the adsl router or the PIX? if the PIX, i think you need to enable port forwarding at the adsl router, this router will forward any IPSec request "for example" to the PIX. This is done with static IP address at the outside interface for the adsl router.

Or, if you can get more than one real IP address so you can configure the outside interface for the PIX with real IP address, if applicable, no need for port forwarding.

I hope i understand your point well!

Thanks

Abd Alqader

New Member

Re: VPN configuration

Hi,

I am having a similar problem, and I'm wondering if you can point me to a direction.

I have a 805 router with internet connection and a static IP address , and I want to extablish a VPN with 2 remote sites, wich have adsl connection and dynamic IP address.It is possible? How ? It is reliable?

Thanks in advance

David

Hall of Fame Super Blue

Re: VPN configuration

David

If the remote sites have dynamic addressing you can use a dynamic crypto map entry at your end. Here is a link to explain

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f86.shtml

It is reliable, however be aware that with a dynamic crypto map there is a little less security as you are using the same key for multiple clients so if it is compromised on one of the sites then you will have to change it for all sites.

HTH

New Member

Re: VPN configuration

hi guys,

returning to the subject, i am facing the following problem. How to filter traffic comming from the internet? I do not have any access-list applied to that interface. I have to allow traffic from the internet to my webserver (http only) and deny everything else. I know I can use route-map on a static NAT to allow the VPN users to access the webserver, but how do I filter traffic on that interface.

Thanks in Advance

144
Views
4
Helpful
4
Replies