cmitdenver

Need to create multiple gateway to gateway connections without disturbing current User VPN config

I have a customer with a PIX 506e that currently has multiple offices accessing with individual user VPN access. Now they would like to install RV042 VPN routers at each of the four locations. I have found many examples of how to build this config, but they all seem to require static IP addresses at each office. How can I build this config for multiple offices w/dynamic IP addresses and maintain the multiple users that already have personal VPN access without disrupting or losing their access?
PIX-CONFIG-sterilized.txt
mkielar

What exactly are you going to benefit by installing these site-to-site vpns w/ dynamic ip address?

If you were to make them site-to-site why would you not want to use static addresses?

If there are so many users that it has become too difficult to manage them all individually, you might have total justification for setting up site-to-site static VPNs. If it is just a financial issue, that may be different, but dynamic site-to-site VPNs are known to cause a lot of headaches. Maybe you can explain more of your environment now and what you are looking to do in the future with it. I'm sorry to answer your question with another question, but I would really try to avoid the dynamic setup.

On the social side of it: If they're your customer and they can't afford for the tunnels to drop for a while, they really might want to spend the money to keep the tunnels up more consistently. I'm assuming that they're using cable modems/DSL for access as they are getting dynamic IPs assigned. Nowadays it's fairly inexpensive to upgrade your service and get a static IP assigned.
cmitdenver

ASKER

Yes, it does boil down to money and DSL. The reasoning behind the site-to-site is a silly one. The client has a new application that requires all printers in the network be shared/published from the application server it is running on. This application does not interface with any of the server's services. It handles all of its own printing and queueing. Because of this requirement we must establish a semi-permanent connection in order to get shares established on the server and enjoy the side effect of eliminating most of the user accounts. I agree with the static addressing and I'm pushing for that. Another environmental issue I have noted is that the PIX is running 6.3(5), which limits a lot of the commands that I was going to use from other config examples.
ASKER CERTIFIED SOLUTION
mkielar
