
PIX-Sonicwall Site-to-Site and Cisco VPN Client

iqsys
Level 1

I have a PIX 506e firewall that has a site-to-site VPN to a Sonicwall Pro 330 firewall which works perfectly. I would like to add the functionality of connecting remote users to the PIX network using Cisco's VPN client. I am running into the issue of only having a single crypto map applied to the outside interface. I need the functionality of having the tunnel between the site-to-site VPN able to be initiated from either side so I can't use a dynamic crypto map. Does anyone have any suggestions or knowledge on how to accomplish this?

Thanks.

1 Accepted Solution

jasobrown
Level 1

You don't need to add another crypto map to the outside interface. You just add the client information to your existing map, for example:

crypto ipsec transform-set YOURSET esp-3des esp-sha-hmac

crypto map YOURMAP 10 ipsec-isakmp

crypto map YOURMAP 10 match address 100

crypto map YOURMAP 10 set peer x.x.x.x

crypto map YOURMAP 10 set transform-set YOURSET

crypto dynamic-map CLIENTS 10 set transform-set YOURSET

crypto map YOURMAP 90 ipsec-isakmp dynamic CLIENTS


3 Replies

Thank you. This worked perfectly. I do have one more question. Is it possible to set a different ISAKMP policy to each specific crypto map?

Good to hear.

Not really. You can, however, set a different one for the clients by making the policy you want to use for them the first policy.
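
An added example, not part of the thread: a Python check for the layout in the accepted answer, where one crypto map holds the static site-to-site entry and a dynamic entry for VPN clients. The sample config is constructed from the answer's lines; the name `lint_crypto_map` and the rule that the dynamic entry must carry the highest sequence number (so a known peer matches its static entry first) are assumptions added here.

```python
import re
from collections import defaultdict

# Constructed sample: the configuration lines from the accepted answer.
SAMPLE_CONFIG = """\
crypto ipsec transform-set YOURSET esp-3des esp-sha-hmac
crypto map YOURMAP 10 ipsec-isakmp
crypto map YOURMAP 10 match address 100
crypto map YOURMAP 10 set peer x.x.x.x
crypto map YOURMAP 10 set transform-set YOURSET
crypto dynamic-map CLIENTS 10 set transform-set YOURSET
crypto map YOURMAP 90 ipsec-isakmp dynamic CLIENTS
"""

LINE = re.compile(r"^crypto map (\S+) (\d+) (.+)$")
DYN_DEF = re.compile(r"^crypto dynamic-map (\S+) \d+ set transform-set \S+")
REQUIRED = ("match address", "set peer", "set transform-set")
DYN = "ipsec-isakmp dynamic "


def lint_crypto_map(config):
    """Return findings for a crypto map that mixes static and dynamic entries."""
    entries = defaultdict(lambda: defaultdict(list))  # map -> seq -> settings
    dyn_defined = set()  # dynamic-map names that have a transform-set
    for line in (raw.strip() for raw in config.splitlines()):
        if m := DYN_DEF.match(line):
            dyn_defined.add(m.group(1))
        elif m := LINE.match(line):
            entries[m.group(1)][int(m.group(2))].append(m.group(3))
    findings = []
    for name, seqs in entries.items():
        dynamic = {s: v for s, v in seqs.items()
                   if any(x.startswith(DYN) for x in v)}
        static = {s: v for s, v in seqs.items() if s not in dynamic}
        for seq, settings in sorted(static.items()):
            for req in REQUIRED:
                if not any(x.startswith(req + " ") for x in settings):
                    findings.append(f"{name} {seq}: static entry lacks '{req}'")
        for seq, settings in sorted(dynamic.items()):
            ref = next(x for x in settings if x.startswith(DYN))[len(DYN):].strip()
            if ref not in dyn_defined:
                findings.append(f"{name} {seq}: dynamic-map '{ref}' has no transform-set")
            if static and seq < max(static):
                findings.append(f"{name} {seq}: dynamic entry precedes static entry {max(static)}")
    return findings
```
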