static vpn between linksys and pix but...

Discussion in 'Cisco' started by Tomek W., Oct 18, 2006.

  1. Tomek W.

    Tomek W. Guest

    Hi
    I need to make a static vpn tunnel between two places but in one
    localization is only with dynamic ip
    on one side of tunnel is pix on other linksys BEFSX41 with dynDNS and
    TZO.com support.
    when the ip is static then is no problem, but with dynamic ip's is different
    situation.
    some one maybe have a idea how to solve this situation.
    thx
     
    Tomek W., Oct 18, 2006
    #1
    1. Advertising

  2. * Tomek W. wrote:
    > some one maybe have a idea how to solve this situation.


    Pay some bugs for a static IP.
     
    Lutz Donnerhacke, Oct 18, 2006
    #2
    1. Advertising

  3. Tomek W.

    Tomek W. Guest

    that i know, but it's impossible
     
    Tomek W., Oct 18, 2006
    #3
  4. * Tomek W. wrote:
    [no money for static IP addresses]
    > that i know, but it's impossible


    Then you do not need the VPN.
     
    Lutz Donnerhacke, Oct 18, 2006
    #4
  5. Tomek W.

    Tomek W. Guest

    be so kind and if you don't have nothing to say just be quiet
     
    Tomek W., Oct 18, 2006
    #5
  6. Tomek W.

    Brian V Guest

    "Tomek W." <> wrote in message
    news:eh4sba$7nk$...
    > Hi
    > I need to make a static vpn tunnel between two places but in one
    > localization is only with dynamic ip
    > on one side of tunnel is pix on other linksys BEFSX41 with dynDNS and
    > TZO.com support.
    > when the ip is static then is no problem, but with dynamic ip's is
    > different
    > situation.
    > some one maybe have a idea how to solve this situation.
    > thx
    >


    Do a google for "pix static to dynamic vpn" 1000's of hits. Heres one from
    Cisco, using NAT, you can simply ignore the NAT stuff tho for your config.
    http://www.cisco.com/en/US/products...s_configuration_example09186a0080094680.shtml
     
    Brian V, Oct 18, 2006
    #6
  7. In article <eh4sba$7nk$>,
    Tomek W. <> wrote:
    >I need to make a static vpn tunnel between two places but in one
    >localization is only with dynamic ip
    >on one side of tunnel is pix on other linksys BEFSX41 with dynDNS and
    >TZO.com support.
    >when the ip is static then is no problem, but with dynamic ip's is different
    >situation.
    >some one maybe have a idea how to solve this situation.


    If you need both sides to be able to bring up the tunnel, and
    if it is the linksys that has the dynamic IP, then you will not be
    able to do what you want in PIX 5, or 6 for sure (and I don't
    think you can do it in PIX 7, but I could be wrong about that.)

    You could have an internal computer on the PIX side look up the
    IP address and then have it log in to the PIX and reprogram the PIX.
    But if the dynamic IP address of the linksys changed while the tunnel
    was up, then you would need some way for that internal computer to notice
    the change and go back in and reprogram the PIX again. In PIX 5 and 6,
    this reprogramming can NOT be done via SNMP; PIX 7 has more SNMP
    capabilities, but I don't -think- it could be done via SNMP on PIX 7
    either.
     
    Walter Roberson, Oct 19, 2006
    #7
  8. In article <eh55po$870$>,
    Tomek W. <> wrote:

    >be so kind and if you don't have nothing to say just be quiet


    So if we *know* that what you want to do cannot be done using the
    equipment you have specified, then you'd prefer that we just
    say nothing and leave you searching for a solution that does not
    exist?

    The person you were replying to -was- being helpful, by
    pointing out the relative priorities of the situation. Unless you
    use the reprogramming approach I described in my earlier posting
    (which would require equipment and software tools beyond those you
    listed as being available), you cannot do what you asked to do,
    and the best available fix is to get a static IP on both ends.

    If the two-way link is of sufficient importance to you, you must
    find a way to overcome the "impossible" dynamic IP situation,
    even if that means paying thousands of dollars to have an ISP install
    a fibre connection. If the link isn't worth that much trouble
    or expense, then you must either do without having both ends able
    to initiate the link, or else you must change the PIX for some either
    kind of firewall that will cooperate with DynDNS.
     
    Walter Roberson, Oct 19, 2006
    #8
  9. * Walter Roberson wrote:
    > able to do what you want in PIX 5, or 6 for sure (and I don't
    > think you can do it in PIX 7, but I could be wrong about that.)


    You are right: PIX 7 needs static IPs, too.

    > the change and go back in and reprogram the PIX again. In PIX 5 and 6,
    > this reprogramming can NOT be done via SNMP; PIX 7 has more SNMP
    > capabilities, but I don't -think- it could be done via SNMP on PIX 7
    > either.


    You are right: PIX 7 can't be reprogrammed using SNMP.
     
    Lutz Donnerhacke, Oct 20, 2006
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. GVB
    Replies:
    1
    Views:
    2,873
    Martin Bilgrav
    Feb 6, 2004
  2. spencerwill.com
    Replies:
    2
    Views:
    4,356
    Peter
    May 26, 2005
  3. Nieuws Xs4all
    Replies:
    0
    Views:
    642
    Nieuws Xs4all
    May 26, 2005
  4. Replies:
    4
    Views:
    4,207
  5. Bob Simon

    VPN between PIX and Linksys RV042

    Bob Simon, Aug 31, 2007, in forum: Cisco
    Replies:
    0
    Views:
    1,437
    Bob Simon
    Aug 31, 2007
Loading...

Share This Page