Hi,

Thanks for the link. It seems PIX supports something called
dynamic crypto maps, which allow IPSec connections to be
initiated by a client with a dynamic IP address.

> As Michael says, when using Cisco's VPN client at least, the
> PIX assigns (from a pool configured on it) an IP address to the remote
> client. I use 172.17 addresses, but you can use anything.
> You then need to allow that range through the PIX to your protected
> network. Cisco has some good docs on their site on how to do
> this if you're unfamiliar with the ipsec commands. Takes a total of
> about 10 commands on the pix to allow ipsec connections. Much
> easier than I thought.
>
> Are you planning on connecting to the PIX from an LRP box, or
> through an LRP box? (Or neither) I have no experience attaching
> FreeS/WAN to a PIX, but I doubt that a dynamic address would
> work well. Tunnelling through an LRP box, however, is a
> piece of cake, and handles dynamic addressing and NAT quite handily.
>
> Cisco docs for VPN Client configs:
> http://www.cisco.com/warp/public/110/pptpcrypto3.html
>
> Jonathan Rawson
>
> -----Original Message-----
> From: Michael Leone <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Thursday, June 14, 2001 2:34 PM
> Subject: Re: [Leaf-user] VPN pre-install question
>
>
> >> One of my clients has just bought a Cisco PIX firewall and I will be
> >> attempting to set up a VPN connection to them. Do you know if the PIX
> >> firewall can accept an IPSEC connection from a dynamic IP address?
> >> I have read that FreeSWAN can, I know that Checkpoint and W2K can't.
> >> I don't want to spend too much time attempting the impossible.
> >
> >I can tell you that, when I was testing my PIX, we dialed a laptop into a
> >local ISP (and got a dynamic IP), and used the Cisco IPSec software to
> >connect to our Pix with no problem.
> >
> >When you configure the Pix, you will have (probably) an RFC 1918 address on
> >the internal interface (i.e., 192.168.1.x). You would then also assign a
> >DIFFERENT RFC 1918 address to the incoming IPSec connection (we used
> >172.16.x.x); the incoming IPSec is then assigned this 2nd address. The Pix
> >will automatically route between them.
> >
> >_______________________________________________
> >Leaf-user mailing list
> >[EMAIL PROTECTED]
> >http://lists.sourceforge.net/lists/listinfo/leaf-user