Solved

PIX-to-PIX IPSEC in addition to Cisco Client VPN

Posted on 2004-10-14
2
383 Views
Last Modified: 2010-04-11
Hi all,

We already have our PIX firewall configured to accept connection from Cisco Client VPN; we have a client that would like to establish a PIX-to-PIX VPN session with our office.
Is it possible to have both configurations (i.e. client vpn and lan-to-lan vpn) running on the same firewall?

Thank you
0
Comment
Question by:tshi5791
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 2

Accepted Solution

by:
Seamless-IT earned 250 total points
ID: 12329202
Yes, here is an example of the config. It's just the crypto stuff so you would need to add your ACL.

Map 20 is the site to site and 50 is the dynamic. Make sure that you put no-xauth no-config mode after the isakmp key.

crypto ipsec transform-set myset esp-des esp-md5-hmac                                                    
crypto dynamic-map dynmap 50 set transform-set myset                                                    
crypto map mymap 20 ipsec-isakmp                                
crypto map mymap 20 match address xxx                                      
crypto map mymap 20 set peer x.x.x.x                                      
crypto map mymap 20 set transform-set myset                                          
crypto map mymap 50 ipsec-isakmp dynamic dynmap                                              
crypto map mymap interface outside                                  
isakmp enable outside                    
isakmp key ******** address x.x.x.x netmask x.x.x.x no-xauth no-config mode
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup xxx address-pool vpnips
vpngroup xxx dns-server x.x.x.x
vpngroup xxx default-domain HealthEffects.org
vpngroup xxx split-tunnel xxx
vpngroup xxx idle-time 1800
vpngroup xxx password ********

-Adam
0
 

Author Comment

by:tshi5791
ID: 12357568
Thank you for the info, I was able to add this to our current config and have it to work.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question