Cisco PIX and WatchGuard SOHO dynamic VPN connection

Discussion in 'Cisco' started by Andy Low, May 7, 2004.

  1. Andy Low

    Andy Low Guest

    Hi,

    My WG soho is using dynamic IP. Can I setup an IPsec VPN connection to Cisco
    PIX?

    I have run through the Cisco PIX configuration several times. It seems like
    for the dynamic connection for IPsec, Cisco PIX only support Cisco VPN
    client.

    Regards,

    Andy
     
    Andy Low, May 7, 2004
    #1
    1. Advertising

  2. Andy Low

    mh Guest

    Yes Cisco PIX will support inbound VPN connection and yes you will
    probably need to use the Cisco VPN.
     
    mh, May 7, 2004
    #2
    1. Advertising

  3. Andy Low

    Joce Guest

    Andy Low wrote:

    > Hi,
    >
    > My WG soho is using dynamic IP. Can I setup an IPsec VPN connection to
    > Cisco PIX?
    >
    > I have run through the Cisco PIX configuration several times. It seems
    > like for the dynamic connection for IPsec, Cisco PIX only support Cisco
    > VPN client.
    >
    > Regards,
    >
    > Andy


    You need at least 1 static IP (obviously) and you will have to bring the
    tunnel up from the site using dynamic IP.

    If your IP doesn't change often, you can "simulate" a static IP for IPSec
    but be carefull with this.
     
    Joce, May 7, 2004
    #3
  4. Andy Low

    Andy Low Guest

    Hi,

    If the client is not using static IP address, the Cisco PIX needs to
    configure dynamic IPsec settings and assign an IP address from IP Pool. In
    Cisco PIX configuration ONLY Cisco VPN client is supported for dynamic VPN
    connection ( so far I cannot find other settings that allow other product
    IPsec settings).

    So does it mean beside Cisco VPN client, there is no way I can Cisco PIX to
    other IPsec product using dynamic IP address?

    Regards,

    Andy

    "Joce" <> wrote in message
    news:ISLmc.77164$...
    > Andy Low wrote:
    >
    > > Hi,
    > >
    > > My WG soho is using dynamic IP. Can I setup an IPsec VPN connection to
    > > Cisco PIX?
    > >
    > > I have run through the Cisco PIX configuration several times. It seems
    > > like for the dynamic connection for IPsec, Cisco PIX only support Cisco
    > > VPN client.
    > >
    > > Regards,
    > >
    > > Andy

    >
    > You need at least 1 static IP (obviously) and you will have to bring the
    > tunnel up from the site using dynamic IP.
    >
    > If your IP doesn't change often, you can "simulate" a static IP for IPSec
    > but be carefull with this.
     
    Andy Low, May 10, 2004
    #4
  5. Andy Low

    Andy Low Guest

    Hi,

    If the client is not using static IP address, the Cisco PIX needs to
    configure dynamic IPsec settings and assign an IP address from IP Pool. In
    Cisco PIX configuration ONLY Cisco VPN client is supported for dynamic VPN
    connection ( so far I cannot find other settings that allow other product
    IPsec settings).

    So does it mean beside Cisco VPN client, there is no way I can Cisco PIX to
    other IPsec product using dynamic IP address?

    Regards,

    Andy


    "mh" <> wrote in message
    news:...
    > Yes Cisco PIX will support inbound VPN connection and yes you will
    > probably need to use the Cisco VPN.
     
    Andy Low, May 10, 2004
    #5
  6. In article <c7n8l4$bq2$>,
    Andy Low <_REMOVE_> wrote:
    :If the client is not using static IP address, the Cisco PIX needs to
    :configure dynamic IPsec settings and assign an IP address from IP Pool. In
    :Cisco PIX configuration ONLY Cisco VPN client is supported for dynamic VPN
    :connection ( so far I cannot find other settings that allow other product
    :IPsec settings).

    If you are using IPSec and you know the -internal- address range of the
    remote host, then you can use crypto dynamic maps and nat 0 access-list
    in combination. You do not need to assign the address from the PIX
    for this to work, and the other end can be using any IPSec that
    is compatable with the standards.

    If you are using PPTP, then you can (must) have the PIX allocate an address
    from a pool for the remote end. The remote end does not need to be running
    the Cisco client for this to work. I've had PPTP work from Mac OSX and
    from MS Windows 2000.

    As I recall, you can also do dynamic address allocation on the PIX
    for L2TP, but I've never dug into that enough to get it to work (it rides
    on top of IPSec.)

    :So does it mean beside Cisco VPN client, there is no way I can Cisco PIX to
    :eek:ther IPsec product using dynamic IP address?

    I'm not sure what "other settings" you were looking for? The PIX isn't
    magic about allocating addresses for the VPN client: you need to configure
    the pool.
    --
    Cottleston, Cottleston, Cottleston pie.
    A bird can't whistle and neither can I. -- Pooh
     
    Walter Roberson, May 10, 2004
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. c
    Replies:
    2
    Views:
    835
  2. Anthony
    Replies:
    7
    Views:
    949
  3. Replies:
    6
    Views:
    3,146
    justinberg
    Jul 22, 2008
  4. Replies:
    1
    Views:
    2,957
    www.BradReese.Com
    Aug 18, 2006
  5. dgteel
    Replies:
    1
    Views:
    967
    zhafeez
    Apr 13, 2007
Loading...

Share This Page