Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

5 points site-to-site vpn

Status
Not open for further replies.
PaoloZ

PaoloZ

Technical User
Jun 24, 2003
6
IT
Hi, I'm an absolute newbie with PIX fw.
Unfortunately I've to solve a problem bigger than my knowledge, I'm still studying CISCO PIX, but an emergency ask me to provide a solution ASAP.
I need to connect via vpn 5 nets connected to the Internet.
Every site is provided with a Pix 506e.
There is a main site and 4 satellite offices.

How do I connect all 5 the LAN each other ? What are the key element of the configuration for each PIX ?

Could anyone provide me with a template of the configuration ?

Thanks

Paolo
 
Sort by date Sort by votes
HI.

You can also use GUI tools to help you.
The current pix devices come with PDM that has VPN wizard which works fine.
You can also use my pixcript tool to generate sample configs:

A combination of Cisco samples to understand what is going on and a GUI tool to help you manage it, can be a good way to go.

You should ask yourself some questions regarding the VPN design:
* Will you have static fixed IP for each pix device?
* Do you need a "full mesh" or "Hub and Spoke", or what?
* Do you need bidirectional VPN or only branch offices will initiate connection to main office?
* What about bandwidth issues? Maybe you'll also need to install a terminal server at the main office?
* What about name resolution (DNS/WINS), and other OS issues related to WAN links?

You can choose between traditional IPSec site to site VPN, or the newer "Easy VPN" feature which is available with the pix.
I recommend the standard IPSec VPN which is very flexible, but the choice of "Easy VPN" can be easier to configure, and should be preffered if the branch offices will NOT have fixed ip address.

In general - the pix is a good choice for such implementation.
You might wish to put a pix515 at the main office for additional features like DMZ.

You'll find more pix related links here:

Good Luck.


Yizhar Hurwitz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
775
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
642
Johnkite
Johnkite
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
643
intel233
intel233
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
175
WhosYourDiffie
WhosYourDiffie
wrighbr1
  • Locked
  • Question
Cisco ASA 5505 site to site VPN problem
Replies
0
Views
129
wrighbr1
wrighbr1

Part and Inventory Search

Sponsor

Back
Top