Re: Public address forVPN Tunnel

From: Richard Anderson (richard.p.anderson@sbcglobal.net)
Date: Fri Jun 03 2005 - 16:23:29 GMT-3

• Next message: istong@stong.org: "Re: 2 different ATM VPI/VCI"
• Previous message: Steve Ohnmacht: "Re: Testing with TCLSH"
• Maybe in reply to: Matt Mullen: "Re: Public address forVPN Tunnel"
• Next in thread: john matijevic: "Re: Public address forVPN Tunnel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Matt,

Assuming PIX 501 will act just like a Software VPN Client, wouldn't it work.
Just to clarify, I am only talking about configuring PIX 501 at 5 locations
connecting only back to PIX 515 at corporate location. There won't be any
spoke-to-spoke connectivity, just simple (1) Hub and 5(Spokes).

Thanks,

----- Original Message -----
From: "Matt Mullen" <mullenm@gmail.com>
To: "Richard Anderson" <richard.p.anderson@sbcglobal.net>
Cc: "Group Study" <ccielab@groupstudy.com>
Sent: Friday, June 03, 2005 11:16 AM
Subject: Re: Public address forVPN Tunnel

> Hi Richard,
>
> With PIX 6.3(x) code it would not be possible to have spoke-to-spoke
> connectivity due to a limitation of the PIX not being able to route
> traffic back out the same interface on which it was received. PIX 7.0
> code is supposed to address this issue but I have not had a chance to
> test this as of yet.
>
> Thanks,
> Matt
>
> On 6/1/05, Richard Anderson <richard.p.anderson@sbcglobal.net> wrote:
> > Hi Matt,
> >
> > Thanks for your help. One more questions
> >
> > Can EZVPN work in a hub and spoke topology? I have got 6 remote
locations
> > with PIX 501 that will need access to PIX515 at Corporate Office..
> >
> > Thanks again,
> >
> > ----- Original Message -----
> > From: "Matt Mullen" <mullenm@gmail.com>
> > To: "Richard Anderson" <richard.p.anderson@sbcglobal.net>
> > Cc: <ccielab@groupstudy.com>
> > Sent: Tuesday, May 24, 2005 7:58 AM
> > Subject: Re: Public address forVPN Tunnel
> >
> >
> > Richard,
> >
> > One way of solving this problem would be to configure the 515 as an
> > EZVPN server and the 501 as an EZVPN client. This will allow the 501
> > to function very similar to the Cisco VPN Client software so that it
> > can connect regardless of the dynamic ip address. The configuration
> > of the 515 will also be similar to the config used to support software
> > VPN clients. If your 515 is already configured to support VPN Client
> > software, then all you need to do is configure the 501 as an EZVPN
> > client.
> >
> >
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/basclnt.htm
> >
> > HTH,
> > Matt
> >
> >
> > On 5/23/05, Richard Anderson <richard.p.anderson@sbcglobal.net> wrote:
> > > I am setting up a VPN Tunnel between corporate PIX 515E and a PIX 501
at
> > > home. At home, the client has cable Modem/DSL connection with dynamic
> > > address. Won't it be a problem configuring a dynamic public address
for
> > > establishing a successful tunnel. Does it require to have a static IP
> > > address at home location from the ISP?
> > >
> > > Regards,
> > >
> > > Richard
> > >
> > >

• Next message: istong@stong.org: "Re: 2 different ATM VPI/VCI"
• Previous message: Steve Ohnmacht: "Re: Testing with TCLSH"
• Maybe in reply to: Matt Mullen: "Re: Public address forVPN Tunnel"
• Next in thread: john matijevic: "Re: Public address forVPN Tunnel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:40 GMT-3