Solved

PIX-to-PIX IPSEC in addition to Cisco Client VPN

Posted on 2004-10-14
Last Modified: 2010-04-11
Hi all,

We already have our PIX firewall configured to accept connections from Cisco Client VPN; we have a client that would like to establish a PIX-to-PIX VPN session with our office.
Is it possible to have both configurations (i.e. client VPN and LAN-to-LAN VPN) running on the same firewall?

Thank you
Question by:tshi5791
2 Comments
 
Accepted Solution

by:
Seamless-IT earned 250 total points
ID: 12329202
Yes, here is an example of the config. It's just the crypto stuff so you would need to add your ACL.

Map 20 is the site-to-site and 50 is the dynamic. Make sure that you put no-xauth no-config-mode after the isakmp key.

crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 50 set transform-set myset
crypto map mymap 20 ipsec-isakmp
crypto map mymap 20 match address xxx
crypto map mymap 20 set peer x.x.x.x
crypto map mymap 20 set transform-set myset
crypto map mymap 50 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address x.x.x.x netmask x.x.x.x no-xauth no-config-mode
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup xxx address-pool vpnips
vpngroup xxx dns-server x.x.x.x
vpngroup xxx default-domain HealthEffects.org
vpngroup xxx split-tunnel xxx
vpngroup xxx idle-time 1800
vpngroup xxx password ********

-Adam
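
Added example (not part of the answer above and not Cisco tooling): a small Python check that a saved PIX 6.x config follows the two points the answer makes, namely that the site-to-site crypto map entry is numbered ahead of the dynamic one and that the peer's isakmp key line carries no-xauth and no-config-mode. The function name check_pix_vpn, the ACL number 101 and the peer address 192.0.2.10 are assumptions made for the sample.

```python
import re

# Constructed sample: the answer's layout with peer, ACL and key as placeholders.
SAMPLE = """\
crypto map mymap 20 ipsec-isakmp
crypto map mymap 20 match address 101
crypto map mymap 20 set peer 192.0.2.10
crypto map mymap 50 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp key ******** address 192.0.2.10 netmask 255.255.255.255 no-xauth no-config-mode
"""

def check_pix_vpn(config):
    """Return findings for a PIX 6.x config that mixes site-to-site and client VPN."""
    static, dynamic, peers, keys = {}, {}, {}, {}
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"crypto map (\S+) (\d+) ipsec-isakmp(?: dynamic (\S+))?$", line)
        if m:
            target = dynamic if m.group(3) else static
            target.setdefault(m.group(1), []).append(int(m.group(2)))
            continue
        m = re.match(r"crypto map (\S+) (\d+) set peer (\S+)$", line)
        if m:
            peers[m.group(3)] = (m.group(1), int(m.group(2)))
            continue
        m = re.match(r"isakmp key \S+ address (\S+)(.*)$", line)
        if m:
            keys[m.group(1)] = m.group(2).split()
    findings = []
    for name, dyn_seqs in dynamic.items():
        for seq in static.get(name, []):
            if seq > min(dyn_seqs):
                findings.append(f"{name} {seq}: static entry is numbered after the dynamic entry")
    for peer, (name, seq) in peers.items():
        opts = keys.get(peer)
        if opts is None:
            findings.append(f"{name} {seq}: no isakmp key for peer {peer}")
            continue
        for flag in ("no-xauth", "no-config-mode"):
            if flag not in opts:
                findings.append(f"{name} {seq}: isakmp key for {peer} lacks {flag}")
    return findings

if __name__ == "__main__":
    for finding in check_pix_vpn(SAMPLE) or ["no findings"]:
        print(finding)
```
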
Author Comment

by:tshi5791
ID: 12357568
Thank you for the info, I was able to add this to our current config and have it work.