Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

can PIX515 serve as VPN client?

have to configure vpn to corp network from a remote location without static IP (get a random IP in a conference)

I have a spare PIX515 and a spare 2600 router - can any of them be used as VPN client?

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: can PIX515 serve as VPN client?

Hello,

I am very sorry to inform you that the information provided in the first reply is not true. The only Pix Hardware that support HW client in a EZVpn environment are the Pix 501 and Pix 506e ONLY.

Here you can find the note that states it

Note: The PIX 501 and PIX 506/506E are Easy VPN Remote and Easy VPN Server           devices. The PIX 515/515E, PIX 525, and PIX 535 act as Easy VPN Servers only.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094cf8.shtml

Hope this Helps.

Mike

Mike
10 REPLIES
New Member

Re: can PIX515 serve as VPN client?

Hi,

Yes either or can be used for the VPN termination point.  I suspect yuo will be doing a site-to-site VPN.  The only thing preventing you from creating this on either or is if the IOS does not support the VPN connectivity.  Your PIX will be more likely to have an IOS with VPN features but again, either or.

PIX guide - http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/sit2site.html

Router guide (via SDM) - http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_configuration_example09186a00806ad10e.shtml

Regards

Jimmy

New Member

Re: can PIX515 serve as VPN client?

IOS support VPN but I think you missed the point

I do not have a static IP and site-to-site require one on both ends

I need to use it (or a couple of 2600s) as client only

Cisco Employee

Re: can PIX515 serve as VPN client?

Hello,

I am very sorry to inform you that the information provided in the first reply is not true. The only Pix Hardware that support HW client in a EZVpn environment are the Pix 501 and Pix 506e ONLY.

Here you can find the note that states it

Note: The PIX 501 and PIX 506/506E are Easy VPN Remote and Easy VPN Server           devices. The PIX 515/515E, PIX 525, and PIX 535 act as Easy VPN Servers only.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094cf8.shtml

Hope this Helps.

Mike

Mike
New Member

Re: can PIX515 serve as VPN client?

Maykol,

thanks for the clarification, that was my initial suspicious and reason for this question...

saying that, is there any work around for this kind of scenario?

Cisco Employee

Re: can PIX515 serve as VPN client?

Hello,

No problem, well, not just because you dont have an static IP means that you cannot have a L2L tunnel with a Dynamic crypto map. Given the case that you actually need to connect any of these devices to a VPN server at the main office, I can tell you that the Pix wont be able, and the 2600 series Im not sure.

Doing some research I found that maybe in an specific version you will be able to. Please use this link below, you will be able to search an Image that will fit your router with the feature that you need. Just fill up the blanks.

http://tools.cisco.com/Support/Fusion/FusionHome.do

Hope it helps.

Mike

Mike
New Member

Re: can PIX515 serve as VPN client?

thanks.

I'll have to find anothr solution...

Re: can PIX515 serve as VPN client?

What device do you have at your main site that this pix or ios router is going to connect to ?

Try looking at this link :

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801dddbb.shtml

New Member

Re: can PIX515 serve as VPN client?

main site uses ASA5520

Re: can PIX515 serve as VPN client?

If you have asa on the mainsite, you should be able to use the ios router as a "hardware" vpn client. You just create a new vpn group and allow remote extension and then configure the router as a client. This will allow L2L traffic, though the router will be the only device that can open the tunnel, and you will be able to use dynamic addresses on the router.

crypto ipsec client ezvpn test
connect auto
group key
mode network-extension
peer
username password
xauth userid mode local
!

Interface

crypto ipsec client ezvpn test inside
!

Interface

  crypto ipsec client ezvpn test
!

Other than that you will just need a default route to the internet, and you should be good to go.

New Member

Re: can PIX515 serve as VPN client?

jan,

this would work on a 2600 router?

755
Views
0
Helpful
10
Replies