November 19, 2008 02:26am pst

1. batry_boy 632,921
2. lrmoore 520,600
3. PeteLong 141,217
4. Voltz-dk 120,870
5. MrHusy 120,045
6. mkielar 107,219
7. JFrederic... 103,500
8. Cyclops3... 98,738
9. Pugglewu... 73,677
10. _jesper_ 65,025
11. harbor235 50,640
12. rsivanandan 49,505
13. grblades 46,350
14. raptorjb007 44,800
15. nodisco 40,900
16. arnold 40,323
17. ck459 39,525
18. 2PiFL 35,575
19. RPPreacher 35,046
20. Jay_Gridley 34,935
21. from_exp 34,120
22. mabutterfi... 33,425
23. MikeKane 32,090
24. clearacid 31,205
25. naughton 28,380

1. lrmoore 2,467,881
2. batry_boy 1,001,045
3. rsivanandan 352,134
4. grblades 349,235
5. PeteLong 328,058
6. nodisco 277,487
7. calvinetter 254,590
8. MrHusy 241,746
9. Voltz-dk 228,809
10. Cyclops3... 215,644
11. JFrederic... 160,500
12. harbor235 121,650
13. tim_holman 120,177
14. carribeant... 108,132
15. mkielar 107,219
16. keith_ala... 105,619
17. _jesper_ 86,525
18. Pugglewu... 73,677
19. RPPreacher 73,023
20. stressedo... 60,512
21. td_miles 60,417
22. pruecons... 57,463
23. charan_j... 55,118
24. jjoseph_x 46,722
25. billwharton 45,258

02.15.2007 at 11:33AM PST, ID: 22392290

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

6.6

Need help with configuration of PIX 515E to remote Cisco 871W site to site VPN with dynamic addressing

Asked by verance in Cisco PIX Firewall

Tags: pix, cisco

Here is my basic setup:

PIX 515 with IOS 7.1(2) connected via site to site vpn with a Cisco 871W (IOS 12.4).

I originally set this up with a static address for the point to point between these two systems and that worked great.

Now the user on the remote side changed his ISP and is getting dynamic addressing. So of course every time his ISP makes a change a couple of changes need to be made on the central PIX.

I referenced the following Cisco article that discusses such a setup between two pix devices:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a0080094680.shtml

I need a check on the config of the two devices.

Here is how it's setup on the PIX now:

crypto map VERANCE-VPN-MAP 200 set peer <external IP masked> <---current external IP of remote device
crypto map VERANCE-VPN-MAP 200 set transform-set DEFAULT-TRANSFORM-SET

tunnel-group <external IP masked> type ipsec-l2l <---current external IP of remote device
tunnel-group <external IP masked> ipsec-attributes <---current external IP of remote device
pre-shared-key *

and on the 871W:

crypto isakmp policy 10
authentication pre-share
crypto isakmp key ********* address <external IP masked> <---current external IP central PIX

____________________________________________________________________

The article mentions that the main setting change that should take place on the central PIX are (as interpreted by me):

crypto map VERANCE-VPN-MAP 200 set peer 0.0.0.0
crypto map VERANCE-VPN-MAP 200 set transform-set DEFAULT-TRANSFORM-SET

isakmp key ******** address 0.0.0.0 netmask 0.0.0.0

(this would replace the lines above)

Nothing would be changed on the remote 871W (unless of course the external IP address of the central PIX were to change).

Is this the only change that would need to be made - or is there more coding involved?

Start Free Trial

Keywords: Need help with configuration of PIX 5…

	Title
1	Pix to Pix VPN
2	adding 2nd VPN to PIX
3	Remote access to a Pix from a Pix prot…
4	PIX
5	pix VPN
6	Dyamic to static site to site VPN with PI…

Loading Advertisement...

20080716-EE-VQP-32

Need help with configuration of PIX 515E to remote Cisco 871W site to site VPN with dynamic addressing

Asked by verance in Cisco PIX Firewall

Tags: pix, cisco

About this solution