Posted by mwells@bsacap.org on July 21, 2005, 7:50 am
I'm in the process of setting up about 5 or 6 small offices, all have
adsl, to vpn back to our central office server. Each office has
anywhere from the largest of 25 computers to the smallest which has 6.
Our central office has a Small Business server 2003 using ISA Server
2000 and a Cisco PIX 506E with a T1. I would like to use a Linksys
BEFVP41 to VPN each office back to central office. Is there somewhere
that will show me how to do this? I know this can be done..but I need
the command line for the PIX and how to setup the BEFVP41. One other
question, would the remote offices need a static IP?
Thanks......

Posted by Brian Bergin on July 21, 2005, 7:24 pm
|I'm in the process of setting up about 5 or 6 small offices, all have
|adsl, to vpn back to our central office server. Each office has
|anywhere from the largest of 25 computers to the smallest which has 6.
|Our central office has a Small Business server 2003 using ISA Server
|2000 and a Cisco PIX 506E with a T1. I would like to use a Linksys
|BEFVP41 to VPN each office back to central office. Is there somewhere
|that will show me how to do this? I know this can be done..but I need
|the command line for the PIX and how to setup the BEFVP41. One other
|question, would the remote offices need a static IP?
|
|Thanks......
The first question I have is why are you using ISA Server AND a PIX? The PIX
can easily handle ALL of your firewall needs, and far more efficiently than ISA
can.
As for BEFVP41 to PIX, there is no supported method to connect them. While they
both support IPSec, the VP41 (and RV series now) implementation is deliberately
different than the PIX, at least according to my dealer tech support rep at
Linksys. Cisco wants you to buy PIX 501's or 506E's for your remote offices and
a 506E or 515 for your home office in a situation like you have. If that is
cost prohibitive you might consider using RV042 series at each location. They
support 30 tunnels and dual Internet pipes (for backup if you need it),
otherwise, I'd look for 501's for the 6 user office and 506E's for the larger
offices (or just get all 506E's for ease of management).
Be forewarned, however, that Cisco hasn't yet provided a version 7 of their
latest PIX OS for 501 or 506E, at least the last time I checked, so if you're in
need of any of those features you'll have to wait for 7.1 and a stripped down
version for the 50x series.
Thanks...
Brian Bergin
I can be reached via e-mail at
cisco_dot_news_at_comcept_dot_net.
Please post replies to the group so all may benefit.
NOTICE: Use of this information is contingent upon acceptance of Paragraph 17 of
Terabyte's Terms and conditions located at
http://terabyte.net/terms.htm#postings.
Posted by Walter Roberson on July 25, 2005, 9:13 pm
:As for BEFVP41 to PIX, there is no supported method to connect them. While they
:both support IPSec, the VP41 (and RV series now) implementation is deliberately
:different than the PIX, at least according to my dealer tech support rep at
:Linksys. Cisco wants you to buy PIX 501's or 506E's for your remote offices and
:a 506E or 515 for your home office in a situation like you have.
The VP41 version 1 connects to the 501, 506E, and 525 with little
difficulty. 3DES, group 2, pre-shared keys (maximum 24 bytes).
The only problem I've had is that sometimes a TCP session will freeze,
with the other active TCP sessions being fine. This problem was
noticeably more frequent with the Linksys BEFSX* (which also has little
difficulty connecting to PIXen.)
--
Feep if you love VT-52's.
Posted by Walter Roberson on July 27, 2005, 5:27 pm
:I'm in the process of setting up about 5 or 6 small offices, all have
:adsl, to vpn back to our central office server. Each office has
:anywhere from the largest of 25 computers to the smallest which has 6.
:Our central office has a Small Business server 2003 using ISA Server
:2000 and a Cisco PIX 506E with a T1. I would like to use a Linksys
:BEFVP41 to VPN each office back to central office. Is there somewhere
:that will show me how to do this? I know this can be done..but I need
:the command line for the PIX and how to setup the BEFVP41. One other
:question, would the remote offices need a static IP?
The remote offices would NOT need a static IP.
Configure the BEFVP41 for 3DES Group 2 (you'll want to use the Advanced
configuration to be -sure- both phases are done properly.) Configure
the PIX with a crypto dynamic map with the isakmp policies and
transform sets corresponding to 3DES Group 2 SHA.
If I recall correctly, the BEFVP41 does support NAT-T so you could
use AH, but that could be an add-on later once you have the
non-AH transform working.
On the PIX end, you would configure just as if another PIX
connecting (except for lack of AES support.)
--
"Who Leads?" / "The men who must... driven men, compelled men."
"Freak men."
"You're all freaks, sir. But you always have been freaks.
Life is a freak. That's its hope and glory." -- Alfred Bester, TSMD
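
An added example, not part of any post in this thread and not Cisco's or Linksys's own material: a Python check that a PIX 6.x hub configuration contains the pieces described in the post above (an isakmp policy for pre-share/3DES/SHA/group 2, a matching ESP transform set on a dynamic crypto map, and a pre-shared key within the 24-byte maximum mentioned earlier in the thread). The sample configuration, its names and its key are constructed placeholders, and the wildcard `isakmp key` entry is an assumption for branches without a static address.

```python
import re

# Constructed PIX 6.x hub config; the key and all names are placeholders.
SAMPLE_PIX_CONFIG = """\
isakmp enable outside
isakmp key EXAMPLE-PSK-CHANGE-ME address 0.0.0.0 netmask 0.0.0.0
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
crypto ipsec transform-set BRANCH-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map BRANCH-DYN 10 set transform-set BRANCH-3DES-SHA
crypto map OUTSIDE-MAP 65000 ipsec-isakmp dynamic BRANCH-DYN
crypto map OUTSIDE-MAP interface outside
"""
WANTED_POLICY = {"authentication": "pre-share", "encryption": "3des",
                 "hash": "sha", "group": "2"}
MAX_PSK_BYTES = 24  # BEFVP41 pre-shared key limit quoted in the thread


def audit_pix_config(text):
    """Return a list of problems; empty means the hub matches the thread's settings."""
    def find(pattern):
        return re.findall(pattern, text, re.M)
    problems, policies = [], {}
    # Phase 1: one isakmp policy must carry all four wanted attributes.
    for num, attr, val in find(r"^isakmp policy (\d+) (\S+) (\S+)"):
        policies.setdefault(num, {})[attr] = val
    if not any(all(p.get(k) == v for k, v in WANTED_POLICY.items())
               for p in policies.values()):
        problems.append("no isakmp policy with pre-share/3des/sha/group 2")
    # Dynamic-IP branches have no fixed peer address, so expect a wildcard key.
    wildcard = [k for k, addr, mask in
                find(r"^isakmp key (\S+) address (\S+) netmask (\S+)")
                if addr == mask == "0.0.0.0"]
    if not wildcard:
        problems.append("no wildcard pre-shared key for dynamic-IP peers")
    if any(len(k.encode()) > MAX_PSK_BYTES for k in wildcard):
        problems.append("pre-shared key longer than 24 bytes")
    # Phase 2: transform set -> dynamic map -> crypto map -> interface.
    sets = {n for n, xf in find(r"^crypto ipsec transform-set (\S+) (.+)$")
            if xf.split() == ["esp-3des", "esp-sha-hmac"]}
    dyn = {n for n, ts in find(r"^crypto dynamic-map (\S+) \d+ set transform-set (\S+)")
           if ts in sets}
    bound = {m for m, d in find(r"^crypto map (\S+) \d+ ipsec-isakmp dynamic (\S+)")
             if d in dyn}
    if not bound & set(find(r"^crypto map (\S+) interface \S+")):
        problems.append("no 3DES/SHA dynamic crypto map applied to an interface")
    return problems
```

A wildcard key is shared by every dynamic-address branch, so it should be treated as a single secret that is rotated on all routers together.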