
Need to know easiest hardware solution for creating a VPN connection to PIX 506

Posted on 2007-08-10
Last Modified: 2013-11-16
I need to create a site to site VPN for a user in a home office that will be connecting to the PIX 506 at our main office.  The home office user does not have a static IP address.  What is the easiest way to make this happen?  What hardware would you recommend and what would I need to add to the PIX config to make the solution work?

Thanks
0
Question by:mortgagecoach
 
LVL 36

Expert Comment

by:grblades
ID: 19671506
Have a look at http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080241a0d.shtml

By configuring the PIX as an EasyVPN server it does not need the client's IP address hard-coded into the config, and therefore it is ideal where the client has a dynamic IP address and wants a LAN-LAN connection and therefore cannot use the software client.
0
 
LVL 36

Expert Comment

by:grblades
ID: 19671525
As far as what hardware I would recommend for the client, as the config example uses an 831 I would go for one of those or the corresponding model depending on the internet type you have. The 800 series are cheap.
0
 

Author Comment

by:mortgagecoach
ID: 19671587
If I added this config and set up my 506 as an EasyVPN Server, would it mess up the other VPN connections I have with static IPs, or the connections I get from software VPN clients?
0

 
LVL 36

Expert Comment

by:grblades
ID: 19671631
No, it shouldn't do. Basically the PIX config is exactly what you would do to enable software VPN clients to connect. All you would need to do is add the extra vpngroup to the config, and as the client specifies which vpngroup it wants to use during the authentication phase it won't cause any problems.

In order to avoid confusion you would probably be best off using the same transform set as used by the VPN clients so you don't need to add another to the config.
0
 

Author Comment

by:mortgagecoach
ID: 19671695
Ok, thanks.  I have a PIX 501 that I was considering using also and I found this article that might make it all work.  What do you think of this?....

http://www.cisco.com/warp/public/110/dynamicpix.html
0
 
LVL 36

Accepted Solution

by:
grblades earned 1500 total points
ID: 19671749
That would work; however, it uses a single isakmp preshared key. This means that all your lan-lan connections would have to use the same preshared key, which is a bit of a security risk. It would also mean you would have to change the key on the devices at the other end of your lan-lan links, which can sometimes be awkward depending on whether you have direct access to them.
0
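
A defensive check related to the shared-key concern in the accepted answer, as an added example that is not part of the original thread: it scans a PIX 6.x-style config for `isakmp key` entries with a wildcard netmask and for peers that share one key. The sample config, its keys and addresses are constructed, and the function name `audit_isakmp_keys` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in PIX 6.x syntax (not from the thread); keys are made up.
SAMPLE_CONFIG = """\
isakmp enable outside
isakmp key Br4nch-A-key address 198.51.100.10 netmask 255.255.255.255
isakmp key Br4nch-A-key address 198.51.100.20 netmask 255.255.255.255
isakmp key Sh4red-key address 0.0.0.0 netmask 0.0.0.0
isakmp key ******** address 203.0.113.5 netmask 255.255.255.255
vpngroup homeoffice password ********
"""

KEY_RE = re.compile(r"^isakmp key (\S+) address (\S+) netmask (\S+)")


def audit_isakmp_keys(config_text):
    """Return (wildcard_lines, shared_key_peer_groups, masked_peers)."""
    wildcard, masked = [], []
    peers_by_key = defaultdict(list)
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = KEY_RE.match(line.strip())
        if not m:
            continue
        key, addr, mask = m.groups()
        if mask == "0.0.0.0":
            # A 0.0.0.0 netmask matches every peer address, so this one key
            # is accepted from any remote device.
            wildcard.append(lineno)
        if set(key) == {"*"}:
            # Key was masked in the config dump; reuse cannot be judged.
            masked.append(addr)
            continue
        peers_by_key[key].append(addr)
    # Report only the peer addresses, never the key material itself.
    shared = sorted(sorted(p) for p in peers_by_key.values() if len(p) > 1)
    return wildcard, shared, masked


if __name__ == "__main__":
    wildcard, shared, masked = audit_isakmp_keys(SAMPLE_CONFIG)
    for n in wildcard:
        print(f"line {n}: wildcard preshared key (any peer address)")
    for group in shared:
        print("peers sharing one key:", ", ".join(group))
    for addr in masked:
        print(f"key for {addr} is masked; check reuse against the original")
```
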
