• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 238
  • Last Modified:

General questions about PIX 501 to PIX 50 VPN?

I am in the process of setting up an IPSec VPN between two PIX 501s.  In the lab I have made the VPN work.

I have several questions which I need answers to.  I do not need to know specifics at this time, just generalities with supporting links would be helpful. (50 points per question)

Question 1:
Can the remote site which is using dynamic DSL be configured to connect to the home site which is using static IP?  I know it can be done if the home site is a Cisco concentrator, but will it work if the home site is a Cisco PIX 501?

Question 2:
Can the vpn tunnel be made to activate automatically without the requirement for interesting traffic to be sent?

Question 3:
If question 2 is true can the tunnel be made to never time out?

Question 4:
Once the tunnel is up, is the dhcprelay command required for the user pc at the remote site to request an IP address from a dhcp server at the home site?

Question 5:
As a general rule does an IPSec vpn allow ALL traffic to pass through in both directions as long as an ACL allows it?
0
dalva
Asked:
dalva
  • 4
3 Solutions
 
Pete LongConsultantCommented:
2 Yes but you would need to add an isakmp keepalive to the Tunnel to do this (it keeps the tunnel up)

e.g.

 isakmp keepalive 10

0
 
Pete LongConsultantCommented:
3. Yes see above

4. No see number 1 :)

5. NO! but once you have the following command it does

sysopt connection permit-ipsec

0
 
Pete LongConsultantCommented:
ThanQ
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now