RE: IOS-to-IOS IPSec Tunnel Question

From: Lab Rat #109385382 (techlist01@gmail.com)
Date: Sun Nov 12 2006 - 07:30:09 ART


Thanks for the info...actually, I'm also glad you emailed. I think PIX as
an EZVPN client is the one VPN scenario I have not configured. Do you know
where it is in the Doc CD? I can't find it...

Thanks,

Ed

-----Original Message-----
From: Alexei Monastyrnyi [mailto:alexeim@orcsoftware.com]
Sent: Sunday, November 12, 2006 2:19 AM
To: Lab Rat #109385382
Cc: ccie >> Cisco certification; cisco@groupstudy.com;
security@groupstudy.com
Subject: Re: IOS-to-IOS IPSec Tunnel Question

Hi.

I have a PIX-to-PIX static-to-dynamic IPSec peering in production like this.

The remote PIX with a dynamic IP address peers statically with the central PIX,
which has a dynamic crypto map with no peer set up for the remote PIX; only a
PSK is configured for the remote DHCP range.

This is similar to your situation, and the hub PIX cannot initiate the VPN
tunnel; only the remote one does that.

A.

Lab Rat #109385382 wrote:
> Is it safe to say that, if RouterA has a static crypto map statement
> (with "set peer") and RouterB has a dynamic crypto map (sans "set
> peer"), that RouterB will never initiate the connection to RouterA?
> Only RouterA can initiate the connection?
>
> I'm trying to simulate, but the routers automatically keep bringing
> the tunnels back up every time I tear them down.
>
> Appreciate the advice.
>
> Thanks,
>
> Ed
>



This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:46 ART
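
The static-to-dynamic arrangement discussed in this thread, as an added IOS configuration sketch that is not from either poster. It assumes RouterA sits on a DHCP-assigned address inside 198.51.100.0/24; all addresses, names, the ACL number and the key are constructed placeholders. RouterB's dynamic entry has no `set peer`, so it has no address to negotiate toward, and its pre-shared key is scoped to the remote range rather than to 0.0.0.0.

```cisco
! Constructed example: documentation address ranges, placeholder names and key.
!
! ----- RouterA: static crypto map, the only side that can initiate -----
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Key is tied to the hub's fixed address
crypto isakmp key <PSK-PLACEHOLDER> address 192.0.2.1
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS
 match address 101
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
interface FastEthernet0/0
 ip address dhcp
 crypto map VPN
!
! ----- RouterB: dynamic crypto map, responder only -----
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Key accepted only from the remote DHCP range, not from any address
crypto isakmp key <PSK-PLACEHOLDER> address 198.51.100.0 255.255.255.0
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
! No "set peer" here: the peer is learned from the incoming negotiation
crypto dynamic-map DYN 10
 set transform-set TS
 match address 101
crypto map VPN 10 ipsec-isakmp dynamic DYN
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map VPN
```

Traffic matching ACL 101 on RouterA triggers a new negotiation whenever the SAs have been cleared. The same kind of traffic leaving RouterB with no SA in place is dropped, because the dynamic entry gives RouterB no peer to contact.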