PIX 515E SITE to SITE VPN Config.

[rmessenger94]

Please anybody outthere help me!!!
I have a PIX 515 config. in the main office for remote to site VPN now and it works ok.... my needs is that I want to config. this PIX 515 at the main office to also support site-to site vpn, so that users from a remote office which has cable internet connection can VPN to this main office. Can anybody out there have any sample config. of how to config. a PIX 515 to support site to site VPN....
Please help me....I have no idea if this could be done!

Thanx!

 

[routerman]

Do the remote offices use PIX as well?

 

[rmessenger94]

our remote has a linksys BEFSX1 cable router...

 

[cfwdude]

if your office that you want to connect to has a static Ip, you can use a PIX 501 and setup a VPN tunnel to your 515. I would recommend getting the 3des encryption for the 501, and make sure you also have the same encryption on the 515. des or 3des).
I can send you a sample config if you like. I am also using the cisco VPN client for traveling and remote users, and have a PIX 501 for a remote office that is always connected.

 

[yizhar]

HI.

Both VPN tunnel endpoints should be able to ping each other (unless ICMP is blocked).
If the linksys router does NAT or filtering it may block VPN for workstations or an additional pix 501.
So first, try to ping from workstation to pix and vice versa.

Try also to ping from the linksys router to the pix and/or the other way.

Does the linksys support IPSec - maybe you'll be able to VPN between the linksys and the pix (maybe!).

Do you or the ISP manage the liksys router?
Is the linksys router doing NAT/PAT?
Does the linksys router support IPSec pass-through? what about PPTP pass-through?

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[rmessenger94]

Thanx cfwdude! yizhar!
I better get another PIX 501 for compatability and do a site to site config. between the 2 Pixes just like you said. Can you send me the sample config. for this. I would appreciate that very much.
my email address is rmessenger94@yahoo.com
Thanx in advance! cfwdude...

roger

 

[yizhar]

HI.

Remember that if you place a pix 501 router behind the linksys router, both pix devices will still need registered ip address and to be able to ping each other (try from both directions).
So if you plan that the linksys router will remain and do NAT, and to put the pix501 behind it, I think but not sure that it will not work unless you have more then a single ip address.
If you plan that the pix will replace the linksys - you'll need to verify that the pix is able to do it.
If you have a registered ip address (or more) for the pix outside interface, then you should have no problem setting up the VPN.

Once you have the pix 501 ready, you'll be able to choose from 2 options for the configuration:
1) A traditional site to site VPN.
2) Using the new "Easy VPN" feature (the pix501 acts as a VPN client).
I would go with the first option but both should be fine.

> Can you send me the sample config.
You'll find sample configs in Cisco web site,
you can use the new PDM version for VPN configuration,
and you can use my pixcript tool.

You'll find some links here:

http://teachers.sivan.co.il/yizhar/files/pixlinks.htm

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar