Site to Site VPN Pix 515 and Cisco 837 router

Hi Guys,

I am trying to setup a site to site VPN for one of our remote sites. We currently have a Pix 515 firewall which accepts remote access VPN connections from users with the cisco VPN client installed on there machines.

I have an 837 series ADSL router from Cisco, which i want to setup as the other end of the site to site VPN. What is the easiest way of setting this up without disturbing the current remote access configuration?

I can provide any info that is needed, This question is a bit vague!

Any help much appreciated,

Who is Participating?
That is a default setting. You can refer to LOCAL as an authentication mechanism for HTTP, SSH, or other access methods. This would require you to have a local username/password list right on the box, i.e.
  username user1 password password1
  username user2 password password2
you should be able to add any site to site VPN you want to. You may need to add at least three lines:

access-list 101 permit
access-list outside_cryptomap_20 permit
crypto map mymap

I find the easy way is use PDM. Please check the for more information.
hairy51Author Commented:
Would you be able to tell me what the following line from the Pix config does?

aaa-server LOCAL protocol local

hairy51Author Commented:

I have tried to set up the VPN following Cisco's docs. We have a number of VPNGroups set up on the box, and people use the Cisco VPN client on their PC's to gain access to the network. As soon as i tried to configure the VPN link to the 837, all of the other clients stopped working.
I have attached a config of the Pix BEFORE i added any new commands, The router i am trying to connect to has a static IP address and a private address range of /16. Can you point me in the right direction? I didn't actually configure the pix originally, i am taking over from someone who has left us in the lurch, So struggling a bit!

Any help much appreciated

Hostname# show run
: Saved
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 auto
interface ethernet4 auto
interface ethernet5 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
nameif ethernet3 pix/intf3 security15
nameif ethernet4 pix/intf4 security20
nameif ethernet5 pix/intf5 security25
enable password m5lf2m393rgslhXN encrypted
passwd j/BezwIrzRqSU/u. encrypted
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sqlnet 1526
access-list inside_outbound_nat0_acl permit ip any
access-list inside_outbound_nat0_acl permit ip any
access-list outside_cryptomap_dyn_20 permit ip any

*****************Access-Lists removed*********************

pager lines 24
logging on
logging timestamp
logging buffered debugging
logging trap debugging
logging host inside
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu pix/intf3 1500
mtu pix/intf4 1500
mtu pix/intf5 1500
ip address outside x.x.x.x
ip address inside
ip address dmz
no ip address pix/intf3
no ip address pix/intf4
no ip address pix/intf5
ip audit info action alarm
ip audit attack action alarm
ip local pool support
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address dmz
no failover ip address pix/intf3
no failover ip address pix/intf4
no failover ip address pix/intf5

***********pdm location commands removed***************

pdm logging alerts 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 2 0 0
nat (inside) 1 0 0

***********Static routes removed**********************

access-group outside_in in interface outside
access-group inside_out in interface inside
access-group dmz_in in interface dmz
route outside x.x.x.x
route inside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp nat-traversal 20
isakmp policy 15 authentication pre-share
isakmp policy 15 encryption des
isakmp policy 15 hash md5
isakmp policy 15 group 2
isakmp policy 15 lifetime 86400
vpngroup support address-pool support
vpngroup support dns-server
vpngroup support wins-server
vpngroup support default-domain
vpngroup support idle-time 1800
vpngroup support password ********
vpngroup user address-pool support
vpngroup user dns-server
vpngroup user wins-server
vpngroup user default-domain
vpngroup user idle-time 1800
vpngroup user password ********
vpngroup canonsgrove address-pool support
vpngroup canonsgrove dns-server
vpngroup canonsgrove wins-server
vpngroup canonsgrove default-domain
vpngroup canonsgrove idle-time 1800
vpngroup canonsgrove password ********
vpngroup address-pool idle-time 1800
telnet inside
telnet dmz
telnet pix/intf3
telnet pix/intf4
telnet pix/intf5
telnet timeout 5
ssh outside
ssh inside
ssh timeout 5
console timeout 0
terminal width 80
: end
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.