Cisco Support Community
Community Member

PIX-Sonicwall Site-to-Site and Cisco VPN Client

I have a PIX 506e firewall that has a site-to-site VPN to a Sonicwall Pro 330 firewall which works perfectly. I would like to add the functionality of connecting remote users to the PIX network using Cisco's VPN client. I am running into the issue of only having a single crypto map applied to the outside interface. I need the functionality of having the tunnel between the site-to-site VPN able to be initiated from either side so I can't use a dynamic crypto map. Does anyone have any suggestions or knowledge on how to accomplish this?

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: PIX-Sonicwall Site-to-Site and Cisco VPN Client

You don't need to add another crypto map to the outside interface. You just add the client information to your existing map, for example:

crypto ipsec transform-set YOURSET esp-3des esp-sha-hmac

crypto map YOURMAP 10 ipsec-isakmp

crypto map YOURMAP 10 match address 100

crypto map YOURMAP 10 set peer x.x.x.x

crypto map YOURMAP 10 set transform-set YOURSET

crypto dynamic-map CLIENTS 10 set transform-set YOURSET

crypto map YOURMAP 90 ipsec-isakmp dynamic CLIENTS
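
Added example, not part of the original post or Cisco's tooling: a small Python check that reads PIX 6.x style crypto lines and reports whether the dynamic (VPN client) entry sits after every static peer entry in the same map and whether each entry references a defined transform-set. The function name and the sample input (the answer's own lines) are constructed for illustration.

```python
# Constructed sample input: the configuration lines from the answer above.
SAMPLE = """\
crypto ipsec transform-set YOURSET esp-3des esp-sha-hmac
crypto map YOURMAP 10 ipsec-isakmp
crypto map YOURMAP 10 match address 100
crypto map YOURMAP 10 set peer x.x.x.x
crypto map YOURMAP 10 set transform-set YOURSET
crypto dynamic-map CLIENTS 10 set transform-set YOURSET
crypto map YOURMAP 90 ipsec-isakmp dynamic CLIENTS
"""

def audit_crypto_maps(config):
    """Return findings; entries are tried in ascending sequence order, so dynamic goes last."""
    tsets, dyn, entries = set(), {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["crypto", "ipsec", "transform-set"] and len(t) > 3:
            tsets.add(t[3])
        elif t[:2] == ["crypto", "dynamic-map"] and len(t) > 2:
            used = dyn.setdefault(t[2], set())
            if t[4:6] == ["set", "transform-set"]:
                used.update(t[6:])
        elif t[:2] == ["crypto", "map"] and len(t) > 4 and t[3].isdigit():
            e = entries.setdefault((t[2], int(t[3])), {})
            if t[4:6] == ["ipsec-isakmp", "dynamic"] and len(t) > 6:
                e["dynamic"] = t[6]
            elif t[4:6] == ["match", "address"] and len(t) > 6:
                e["acl"] = t[6]
            elif t[4] == "set" and len(t) > 6:
                e.setdefault(t[5], []).extend(t[6:])  # "peer" or "transform-set"
    findings = []
    for (name, seq), e in sorted(entries.items()):
        where = f"{name} {seq}"
        if "dynamic" in e:
            later = [s for (n, s), o in entries.items()
                     if n == name and s > seq and "dynamic" not in o]
            if later:
                findings.append(f"{where}: dynamic entry precedes static entries {later}")
            if e["dynamic"] not in dyn:
                findings.append(f"{where}: dynamic-map {e['dynamic']} is not defined")
            used = dyn.get(e["dynamic"], set())
        else:
            for key in ("acl", "peer", "transform-set"):
                if key not in e:
                    findings.append(f"{where}: static entry has no {key}")
            used = set(e.get("transform-set", []))
        findings += [f"{where}: transform-set {u} is not defined"
                     for u in sorted(used - tsets)]
    return findings
```

Calling `audit_crypto_maps(SAMPLE)` returns an empty list for the configuration as posted; renumbering the dynamic entry below 10 produces an ordering finding.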

3 REPLIES
Community Member

Re: PIX-Sonicwall Site-to-Site and Cisco VPN Client

Thank you. This worked perfectly. I do have one more question. Is it possible to set a different ISAKMP policy to each specific crypto map?

Community Member

Re: PIX-Sonicwall Site-to-Site and Cisco VPN Client

Good to hear.

Not really. You can, however, set a different one for the Clients by making the policy you want to use for them the first policy.
