Kim, It will work, I've done it before. It is true that you can only have 1 crypto map per interface, but you can have multiple ISAKMP/IPSEC policies for different tunnels in that crypto map. However, for dynamic crypto map used for remote access VPN, what happens is that the dynamic crypto map is just like the normal crypto map in the way it's defined, but you hook up the dynamic crypto map to the crypto map which is applied to the interface.
Check out the link below. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_61/config /ipsecint.htm One limitation I encountered with client VPN on a PIX is that you won't be able to use local authentication, since PIX doesn't support local usernames/password like the IOS. So you just login with groupname and password. Although you can hook it up to a ACS server to do your extended authentication to specify different users. Regards, Albert -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kim Seng Sent: Sunday, February 16, 2003 4:26 AM To: [EMAIL PROTECTED] Subject: Site-to-Site and Remote Access VPN on PIX? [7:63100] Greetings, Can I configure the PIX to do both site-to-site and Remote access VPN at the same time? I think it is impossible since I can only apply only one crypto map to the outside interface. Can someone confirm? Kim. __________________________________________________ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63119&t=63100 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
