Multiple VPNs coming into a PIX 515

[Phantom309]

I have a customer that has a main office in Calif where customers remote into his server to place orders. For security he wants to get rid of his Linksys firewalls and have everybody access his network through a new PIX 515 running 6.3(3).

Each customer will have a new PIX 501. I'm confortable with configuring VPN using IPSec between any two PIXs but would the configuration for multiple VPNs coming into the 515 be the same for all remote sites? I'm speaking of the VPN and the IPSec config. As long as the clients and the 515 share the same Security Association (SA) policy between themselves, does it matter if it's just one client or 10 clients doing the sharing? If any one has a good config for such a setup, that would be excellent. Thanks in advance for your help.

Cliff Krahenbill (Phantom309)

http://www.clkcomputer.com

 

[Antelope]

Are you talking about having a different site-to-site VPN connection between each office and the main office? Is each remote branch in its own unique address scheme? (I.e., not all remote sites are 192.168.x.x/16)

 

[Phantom309]

Right. there is only one main site and each remote site will connect to it through the 515. The remote sites have their own seperate IP scheme and have nothing to do with each other. You could think of it as a hub and spoke type configuration with the main site as the hub and the spokes would be the remote sites connecting to it. Thanks.

Cliff Krahenbill (Phantom309)

http://www.clkcomputer.com