Re: IOS-to-IOS IPSec Tunnel Question

From: Javier Liendo (javier@liendo.net)
Date: Sun Nov 12 2006 - 11:43:53 ART

• Next message: Tim: "RE: vpn -- SA lifetime"
• Previous message: Salman Abbas: "Matching Voice Traffic"
• Maybe in reply to: Lab Rat #109385382: "IOS-to-IOS IPSec Tunnel Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

hi lab rat

in this link you will find this scenario you are looking for (and many
others)....looking at the url i'm almost sure that this link is _not_
available on the doc cd but for the study-phase may be ok...

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html

regards

javier

On 11/12/06, Lab Rat #109385382 <techlist01@gmail.com> wrote:
> Thanks for the info...actually, I'm also glad you emailed. I think PIX as
> an EZVPN client is the one VPN scenario I have not configured. Do you know
> where it is in the Doc CD? I can't find it...
>
> Thanks,
>
> Ed
>
>
> -----Original Message-----
> From: Alexei Monastyrnyi [mailto:alexeim@orcsoftware.com]
> Sent: Sunday, November 12, 2006 2:19 AM
> To: Lab Rat #109385382
> Cc: ccie >> Cisco certification; cisco@groupstudy.com;
> security@groupstudy.com
> Subject: Re: IOS-to-IOS IPSec Tunnel Question
>
> Hi.
>
> I have PIX to PIX static to dynamic IPSec peering in production like this.
>
> Remote PIX with dynamic IP address is peering statically with central PIX
> that has dynamic crypto map with no peer set up for remote PIX, only PSK is
> configured for remote DHCP range.
>
> This is similar to your situation and hub PIX cannot initiate VPN tunnel,
> only remote one does that.
>
> A.
>
> Lab Rat #109385382 wrote:
> > Is it safe to say that, if RouterA has a static crypto map statement
> > (with "set peer") and the RouterB has a dynamic crypto map (sans "set
> > peer"), that RouterB will never initiate the connection to RouterA?
> > Only RouterA can initiate the connection?
> >
> > I'm trying to simulate, but the routers automatically keep bringing
> > the tunnels back up every time I tear them down.
> >
> > Appreciate the advice.
> >
> > Thanks,
> >
> > Ed
> >
> > ______________________________________________________________________
> > _ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Tim: "RE: vpn -- SA lifetime"
• Previous message: Salman Abbas: "Matching Voice Traffic"
• Maybe in reply to: Lab Rat #109385382: "IOS-to-IOS IPSec Tunnel Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:46 ART