Question : Problem: Whats best to use at the client end?

Hi

I have a PIX515 firewall installed at my site in England. I wish to provide VPN access to two sites in Germany and Denmark. I am going to install the necessary software on the PIX to allow VPN connections. My question is what is the best option for the other sites. One is a single user with broadband connection and static IP address. The other has three users with a broadband connection and dynamic IP address. What is the best set-up at my end, preshared keys or CA. I have read lots of Cisco stuff on VPNs and PIX and although I understand it I have not found an example that is similiar to my set-up.

It is very important to me to get this working ASAP therefore 500 points are on offer.

Regards John

Answer : Problem: Whats best to use at the client end?

Peer address on your pix would be the public ip of the router, there's no way around that.

your vpn trigger acl would look like this:

access-list 101 permit ip 192.168.172.0 255.255.255.0

Random Solutions

Problem: Smart UPS 1500 - adding a device

Problem: Citrix Best Practice

Problem: How to Fix Concave (Hour Glass) Monitor Display

Problem: Can a cisco 2970 switch be configured to do rouiting

Problem: VPN tunnel is created but no access to local network

Problem: Cannot get Itunes library to show up in ITUNES

Problem: Triplicate Calendar Events

Problem: Corrupted User profile on Fujisu Disk

Problem: Older program will not print to laser printer

Problem: HP pavillion a5040a Desktop - CPU fan constantly on and goes into sleep mode randomly after PSU replacement