Cisco Support Community
Community Member

setting up IPSec VPNs using Cisco PIX 501s

I would like to set up hub and spoke VPN connectivity between a small main office and two remote offices using PIX 501s over dsl and cable. The remote offices have two or three devices that would connect to the main office server over an IPSec tunnel. Is there anything else I need besides the PIX 501s and dsl/cable modems ? to provide authentication? Manager(s) would also like to use software to be able to tunnel in from home.


Re: setting up IPSec VPNs using Cisco PIX 501s

if you want to keep it simple, pix501 with dsl/cable modem would be enough, you can setup vpn by using pre-shared key on pix. unless you want to authenticate with token or digital certificate.

h.o. lan <--> pix501 <--> modem <--> internet <--> modem <--> pix501 <--> remote lan

depends on the business requirement, you may want to setup lan-lan vpn or easy vpn. also depends on whether the reomte office has a static public ip or not. (note that h.o. must have a static public ip for vpn)

for easy vpn, only user from remote office can initiate the tunnel; whereas lan-lan vpn can be initiated from either h.o. or remote office. if remote office hasn't got a static public ip, then easy vpn is the only way.

regarding remote user from home, you can setup dynamic crypto map to allow remote vpn access. cisco vpn client software needs to be installed on home pc. then user will need a group username/password and (optional) individual username/password, both of them are pre-configured on the pix.


Re: setting up IPSec VPNs using Cisco PIX 501s

Following on from what Jack has explained, here are examples on how to configure:

IPSec LAN to LAN VPN Configuration example:

Configuring VPN between Static IP and Dynamic IP with NAT and VPN Client access:

PIX VPN Client access configuration example:

Hope this helps


CreatePlease to create content