|
|
Question : Problem: Whats best to use at the client end?
|
|
Hi
I have a PIX515 firewall installed at my site in England. I wish to provide VPN access to two sites in Germany and Denmark. I am going to install the necessary software on the PIX to allow VPN connections. My question is what is the best option for the other sites. One is a single user with broadband connection and static IP address. The other has three users with a broadband connection and dynamic IP address. What is the best set-up at my end, preshared keys or CA. I have read lots of Cisco stuff on VPNs and PIX and although I understand it I have not found an example that is similiar to my set-up.
It is very important to me to get this working ASAP therefore 500 points are on offer.
Regards John
|
Answer : Problem: Whats best to use at the client end?
|
|
Peer address on your pix would be the public ip of the router, there's no way around that.
your vpn trigger acl would look like this:
access-list 101 permit ip 192.168.172.0 255.255.255.0
|
|
|