Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

VPN Tunnel Between Pix & Router


I would like to setup basic VPN tunnel between a router and other pixfirewal, what should I keep in concern? also could any body show me sample config that shoud be done on Pix?



Re: VPN Tunnel Between Pix & Router


this should not be too difficult in case you follow

"Configuring IPSec - Router to PIX" at

and have the proper IOS versions.

Another option using certificates:

"How to Configure a LAN-to-LAN IPSec Between a Router and a PIX Using Digital Certificates"

Hope this helps! Please rate all posts.

Regards, Martin

Re: VPN Tunnel Between Pix & Router

Hi Martin,

Thanks for ur input, but I am not sure that I got fully understand the bellow when reading the above link:

This document illustrates an IP Security (IPSec) configuration between a router and a Cisco Secure PIX Firewall. We want to use private internal IP addresses when passing traffic between the headquarters LAN and the remote LANs, and to translate the LAN hosts to routable IP addresses when users access the Internet. However, users can also access public pages on the Internet without their traffic going through the tunnel using the route-map command.

could u clarify it a little bit more,


Re: VPN Tunnel Between Pix & Router


LAN users behind the router can access the LAN/networks behind the PIX through the IPSec tunnel. In addition internet access is allowed locally and not through the HQ. Wen the internet is accessed through the router locally, the router will also perform NAT to allow this.

Hope this clarifies a bit. What is still unclear?

Please rate all posts. Regards, Martin

Re: VPN Tunnel Between Pix & Router

Hi Martin,

u clarify it quite well, but I have one question:

1- What if I want to use all internet services/access via the HO, I meant to say in my case, I would like users behind the router using (proxy settings/Internet access/ip telephon communications) thats already applied behind HO-PIX?

In other words, lets consider the HO here is more likely provider, could I use all the Services including Internet access through the IP Sec Tunnel?

Thanks a gain for your concern,


CreatePlease login to create content