PPTP from a 7507 Cisco Router to a Cisco 506E PIX

I'm not sure how elementary this is, but here is the scenario:

We switched ISPs not too long ago, our original configuration was a C2600 router and the 7507 router both had a PPTP tunnel between this site and our Washington offices.

We're currently trying to get the 7507 Router to talk to the newly installed 506E firewall that is installed here at this site. My contact in Washington tells me the 506E doesn't support PPTP and that the 7507 doesn't support the new AES encryption schemes, so we're stuck. Is this really the case? What I need to do is basically allow a PPTP tunnel between the 7507 and the 506E, note it's not connecting to anything behind either device, the 506E and 7507 are both endpoints. Is there a possibility this can't be done?

The old Cisco router basically had an interface called TunnelX with the IP source of our old router, tunnel destination on their end and ACLs to allow access through to their internal IPs.

Sorry this sounds so vague but I'm at a loss as to where to start...
kittensizedbulldozerAsked:
Who is Participating?
 
grbladesConnect With a Mentor Commented:
Hi kittensizedbulldozer,
If the 7507 does not support AES then you can still use DES or 3DES encryption. For an example see :-
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml

The PIX does support PPTP. See an example here
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080143a5d.shtml
0
 
lrmooreConnect With a Mentor Commented:
If you have IPSEC 3DES feature set on the 7507, then it should also support AES
Yes, the PIX does support PPTP, but only in a client/server role, not LAN-LAN. I don't think the 7507 is capable of being a PPTP client. I'm not sure this is really what you want to do.
If your intent is to create a LAN-to-LAN VPN tunnel, using IPSEC, then it should be a piece of cake using the example config that grblades posted above.
0
 
kittensizedbulldozerAuthor Commented:
Yeah just so you know I'm looking into grblades' suggestions still, I'm just super swamped with everything else that has been going wrong this week so I will look the solutions over and get back to you guys as to whether it was helpful or not. Just glancing over, the second article looks like maybe what we're trying to attempt, but part of my issue right now is getting a straight answer out of the Washington office as to how exactly they want us to connect to them. :-)
0
 
kittensizedbulldozerAuthor Commented:
We ended up re-configuring our 2600 into the network in order to handle the endpoints, so we're good. Thanks anyways...someday we'll probably take the 2600 and take another swing at it, so I'll reference those articles grblades mentioned then. Thanks guys.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.