|
Home > Archive > CCIE > February 2004 > VPN Concentrator Question
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
VPN Concentrator Question
|
|
| btroadman 2004-02-03, 5:21 pm |
| I am installing a VPN 3000 Concentrator with multiple remote sites, all with PIX 501's which connect through some sort of Broadband Internet, cable, dsl, wireless, etc. A very few of these sites don't have static IP addresses on the public interface and do change from time to time. All my other sites are up and running with the IPSec LAN-to-LAN configuration. But I can't seem to find where to setup a client-to-LAN or what I would call a DYNAMIC Tunnel Policy for the few locations that have changing IP addresses. Can anyone shed some light on this for me. I appreciate the time.
VPN Concentrator version 4.0
PIX Firewall version 6.1 | |
| btroadman 2004-02-21, 2:11 pm |
| In case anyone ever needs to know this, under the VPN tab in the PDM the last option on the left is "EASY VPN". It spells it out there for you. Don't use any other IKE rules at all, just fill in the blanks under the EASY VPN on the PIX side. Create a user and group for the remote VPN and you should be good. | |
| haseeb_eng 2004-02-22, 8:21 am |
| I believe PIX supports LAN-to-LAN tunnels only? | |
| btroadman 2004-02-22, 12:13 pm |
| Then it is interesting how I have a dozen people connected with dynamic addresses out there.
If you log into a PIX with IOS 6.1 or better, you will see an "EASY VPN" option under the VPN tab. From there you can configure a user and group for a client-to-LAN connection. |
|
|
|
|