Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Help, anyone knows how to config site-to-siteVPN w/Pix515E&LinksysBEFSX41?

Hi Guys,

Please help, is anyone tested or knows how to configure the Pix 515E site-to-site VPN with Linksys BEFSX41? As of this time, i'm using cisco vpn client to have a vpn tunnel (running and operational) to our head office but we are planning to implement site-to-site VPN, Pix515E at Head Office and Linksys BEFSX41 on our remote branches. Thanks in advance and more power!

3 REPLIES

Re: Help, anyone knows how to config site-to-siteVPN w/Pix515E&L

Hello,

Please have a look at this URL for cisco PIX configuration... the other end can be a router/linksys or any other device..

http://www.cisco.com/warp/public/110/39.html

For linksys configuration, u can probably google it....

Hope this helps.. all the best.. rate replies if found useful..

Raj

New Member

Re: Help, anyone knows how to config site-to-siteVPN w/Pix515E&L

Raj,

Thanks for your help, I'll do some experimentation on this. Also, is it possible to configure my pix515E for Site-to-Site VPN and at the same time for VPN Client-to-Site VPN?

More power!

Reden

Gold

Re: Help, anyone knows how to config site-to-siteVPN w/Pix515E&L

Reden

Yes you can have both, here's an example:

access-list nonat permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list nonat permit ip 10.0.0.0 255.255.255.0 172.10.10.0 255.255.255.224

access-list 100 permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list 101 permit ip 10.0.0.0 255.255.255.0 172.10.10.0 255.255.255.224

ip local pool raspool 172.10.10.1-172.10.10.30 mask 255.255.255.224

nat (inside) 0 access-list nonat

sysopt connection permit-ipsec

crypto ipsec transform-set esp-3des esp-md5-hmac

crypto dynamic-map dynmap 100 set transform-set

crypto map 1 ipsec-isakmp

crypto map 1 match address 100

crypto map 1 set peer

crypto map 1 set transform-set

crypto map 65535 ipsec-isakmp dynamic dynmap

crypto map interface outside

isakmp enable outside

isakmp key address netmask 255.255.255.255

isakmp identity address

isakmp nat-traversal

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 hash md5

isakmp policy 1 group 2

isakmp policy lifetime 86400

vpngroup address-pool raspool

vpngroup dns-server

vpngroup wins-server

vpngroup default-domain

vpngroup split-tunnel 101

vpngroup idle-time 1800

vpngroup password

NOTE - If you need access to the internet whilst connected to your internal network using the vpn client then you'll need

to use the 'split-tunnel' command, I personally don't allow this for security reasons but added this so that you know it can

be done.

Hope this helps and let me know if you have any further questions - please rate posts if it helps.

107
Views
0
Helpful
3
Replies