Re: Public address forVPN Tunnel

From: Matt Mullen (mullenm@gmail.com)
Date: Fri Jun 03 2005 - 15:16:36 GMT-3

• Next message: atolstykh@atfam.com: "RE: NAT vs SLB"
• Previous message: ccie2be: "using NBAR to match web traffic"
• Next in thread: Richard Anderson: "Re: Public address forVPN Tunnel"
• Maybe reply: Richard Anderson: "Re: Public address forVPN Tunnel"
• Maybe reply: john matijevic: "Re: Public address forVPN Tunnel"
• Maybe reply: Chad Hintz: "Re: Public address forVPN Tunnel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Richard,

With PIX 6.3(x) code it would not be possible to have spoke-to-spoke
connectivity due to a limitation of the PIX not being able to route
traffic back out the same interface on which it was received. PIX 7.0
code is supposed to address this issue but I have not had a chance to
test this as of yet.

Thanks,
Matt

On 6/1/05, Richard Anderson <richard.p.anderson@sbcglobal.net> wrote:
> Hi Matt,
>
> Thanks for your help. One more questions
>
> Can EZVPN work in a hub and spoke topology? I have got 6 remote locations
> with PIX 501 that will need access to PIX515 at Corporate Office..
>
> Thanks again,
>
> ----- Original Message -----
> From: "Matt Mullen" <mullenm@gmail.com>
> To: "Richard Anderson" <richard.p.anderson@sbcglobal.net>
> Cc: <ccielab@groupstudy.com>
> Sent: Tuesday, May 24, 2005 7:58 AM
> Subject: Re: Public address forVPN Tunnel
>
>
> Richard,
>
> One way of solving this problem would be to configure the 515 as an
> EZVPN server and the 501 as an EZVPN client. This will allow the 501
> to function very similar to the Cisco VPN Client software so that it
> can connect regardless of the dynamic ip address. The configuration
> of the 515 will also be similar to the config used to support software
> VPN clients. If your 515 is already configured to support VPN Client
> software, then all you need to do is configure the 501 as an EZVPN
> client.
>
> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/basclnt.htm
>
> HTH,
> Matt
>
>
> On 5/23/05, Richard Anderson <richard.p.anderson@sbcglobal.net> wrote:
> > I am setting up a VPN Tunnel between corporate PIX 515E and a PIX 501 at
> > home. At home, the client has cable Modem/DSL connection with dynamic
> > address. Won't it be a problem configuring a dynamic public address for
> > establishing a successful tunnel. Does it require to have a static IP
> > address at home location from the ISP?
> >
> > Regards,
> >
> > Richard
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: atolstykh@atfam.com: "RE: NAT vs SLB"
• Previous message: ccie2be: "using NBAR to match web traffic"
• Next in thread: Richard Anderson: "Re: Public address forVPN Tunnel"
• Maybe reply: Richard Anderson: "Re: Public address forVPN Tunnel"
• Maybe reply: john matijevic: "Re: Public address forVPN Tunnel"
• Maybe reply: Chad Hintz: "Re: Public address forVPN Tunnel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:40 GMT-3