Linksys BEFVP41 to Cisco Pix 506E

Discussion in 'Cisco' started by mwells, Jul 21, 2005.

  1. mwells

    mwells Guest

    I'm in the process of setting up about 5 or 6 small offices, all have
    adsl, to vpn back to our central office server. Each office has
    anywhere from the largest of 25 computers to the smallest which has 6.
    Our central office has a Small Business server 2003 using ISA Server
    2000 and and Cisco Pix 506E with a T1. I would like to use a Linksys
    BEFVP41 to VPN each office back to central office. Is there somewhere
    that will show me how to do this? I know this can be done..but I need
    the command line for the PIX and how to setup the BEFVP41. One other
    question, would the remote offices need a static IP?

    Thanks......
     
    mwells, Jul 21, 2005
    #1

    1. Advertisements

  2. mwells

    Brian Bergin Guest

    |I'm in the process of setting up about 5 or 6 small offices, all have
    |adsl, to vpn back to our central office server. Each office has
    |anywhere from the largest of 25 computers to the smallest which has 6.
    |Our central office has a Small Business server 2003 using ISA Server
    |2000 and and Cisco Pix 506E with a T1. I would like to use a Linksys
    |BEFVP41 to VPN each office back to central office. Is there somewhere
    |that will show me how to do this? I know this can be done..but I need
    |the command line for the PIX and how to setup the BEFVP41. One other
    |question, would the remote offices need a static IP?
    |
    |Thanks......

    The first question I have is why are you using ISA Server AND a PIX? The PIX
    can easily handle ALL of your firewall needs, and far more efficiently than ISA
    can.

    As for BEFVP41 to PIX, there is no supported method to connect them. While they
    both support IPSec, the VP41 (and RV series now) implementation is deliberately
    different than the PIX, at least according to my dealer tech support rep at
    Linksys. Cisco wants you to buy PIX 501's or 506E's for your remote offices and
    a 506E or 515 for your home office in a situation like you have. If that is
    cost prohibitive you might consider using RV042 series at each location. They
    support 30 tunnels and dual Internet pipes (for backup if you need it),
    otherwise, I'd look for 501's for the 6 user office and 506E's for the larger
    offices (or just get all 506E's for ease of management).

    Be forewarned, however, that Cisco hasn't yet provided a version 7 of their
    latest PIX OS for 501 or 506E, at least the last time I checked, so if you're in
    need of any of those features you'll have to wait for 7.1 and a striped down
    version for the 50x series.

    Thanks...
    Brian Bergin

    I can be reached via e-mail at
    cisco_dot_news_at_comcept_dot_net.

    Please post replies to the group so all may benefit.

    NOTICE: Use of this information is contingent upon acceptance of Paragraph 17 of Terabyte's Terms and conditions located at http://terabyte.net/terms.htm#postings.
     
    Brian Bergin, Jul 22, 2005
    #2

    1. Advertisements

  3. mwells

    Walter Roberson Guest

    :As for BEFVP41 to PIX, there is no supported method to connect them. While they
    :both support IPSec, the VP41 (and RV series now) implementation is deliberately
    :different than the PIX, at least according to my dealer tech support rep at
    :Linksys. Cisco wants you to buy PIX 501's or 506E's for your remote offices and
    :a 506E or 515 for your home office in a situation like you have.

    The VP41 version 1 connects to the 501, 506E, and 525 with little
    difficulty. 3DES, group 2, pre-shared keys (maximum 24 bytes).

    The only problem I've had is that sometimes a TCP session will freeze,
    with the other active TCP sessions being fine. This problem was
    noticably more frequent with the Linksys BEFSX* (which also has little
    difficulty connecting to PIXen.)
     
    Walter Roberson, Jul 25, 2005
    #3
  4. mwells

    Walter Roberson Guest

    :I'm in the process of setting up about 5 or 6 small offices, all have
    :adsl, to vpn back to our central office server. Each office has
    :anywhere from the largest of 25 computers to the smallest which has 6.
    :Our central office has a Small Business server 2003 using ISA Server
    :2000 and and Cisco Pix 506E with a T1. I would like to use a Linksys
    :BEFVP41 to VPN each office back to central office. Is there somewhere
    :that will show me how to do this? I know this can be done..but I need
    :the command line for the PIX and how to setup the BEFVP41. One other
    :question, would the remote offices need a static IP?

    The remote offices would NOT need a static IP.

    Configure the BEFVP41 for 3DES Group 2 (you'll want to use the Advanced
    configuration to be -sure- both phases are done properly.) Configure
    the PIX with a crypto dynamic map with the isakmp policies and
    transform sets corresponding to 3DES Group 2 SHA.

    If I recall correctly, the BEFVP41 does support NAT-T so you could
    use AH, but that could be an add-on later once you have the
    non-AH transform working.

    On the PIX end, you would configure just as if another PIX
    connecting (except for lack of AES support.)
     
    Walter Roberson, Jul 27, 2005
    #4

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. VOIP using Cisco PIX 506e and Cisco 837

  2. Revisited - Need help with IPSec tunnel periodically collapsing with 7206 to Linksys BEFVP41

  3. VPN Connection Problems between Cisco PIX 506E and Cisco VPN Concentrator 3005

  4. Linksys BEFVP41 -- a first look

  5. Linksys Router < -- > Cisco PIX 506e

  6. PIX 506E PDM 3.0(1) PIX 6.3(3) NAT/PAT

  7. PIX 506E PDM 3.0(1) PIX 6.3(3) NAT/PAT (Part 2)

  8. Cisco ASA 5510 to Cisco PIX 506E VPN Tunnel, Dropping RDP

Loading...