CiscoVPN Question

Ok, I've got a problem that I can't figure out. Where I work we have 2 sites: production, which is housed off site, and our main office. These two sites are connected with a Cisco VPN connection. We have a PIX 515 on the main office side, and an ASA 5510 on our production side. Currently we have a VPN connection going FROM the PIX to the ASA, so the ASA is acting as the VPN server. Now I want to set up VPN on the PIX to allow us to use it to connect to our main site, but it will not let me while Easy VPN is enabled. I've looked and can't find out how to make the ASA a client VPN to the PIX VPN server. Does anyone know of a better way to do this? I want to allow users to connect to our main office via Cisco VPN, and have a site-to-site VPN connection between our main office and our production site.

Thanks. -Jim

poetsalley

You basically need to combine the configuration of an L2L (LAN-to-LAN) tunnel and RA (Remote Access) tunnels. Set up your remote access tunnel - this can help: [link]

Then add another crypto map entry. Set up your dynamic crypto map with the highest sequence number...

I.E.

crypto map vpnmap 10 match address production-IPs-ACL
crypto map vpnmap 10 set peer
crypto map vpnmap 50 ipsec-isakmp dynamic remote-user-map
crypto map vpnmap interface outside

This is obviously only part of the VPN configuration, but I used it to illustrate the point that you will have to combine the configuration of dynamic maps with defined peers into one crypto map, and you should make sure that your dynamic entry is last in the order of precedence.

-Kevin

Kevin Widner
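
The ordering rule in Kevin's reply can be checked against a saved configuration. The script below is an added example, not part of the original thread or any Cisco tool: it flags any crypto map in which a static (defined-peer) entry has a higher sequence number than the dynamic entry. The function name, the second sample config and the peer address 192.0.2.10 are constructed for illustration.

```python
import re

# "crypto map <name> <seq> <rest>"; lines without a sequence number,
# such as "crypto map vpnmap interface outside", do not match.
ENTRY = re.compile(r"^crypto\s+map\s+(\S+)\s+(\d+)\s+(.+)$")


def crypto_map_order_issues(config: str) -> list[str]:
    """Return one finding per static entry that sorts after a dynamic entry."""
    static, dynamic = {}, {}  # map name -> set of sequence numbers
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        name, seq, rest = m.group(1), int(m.group(2)), m.group(3).split()
        if rest[:2] == ["ipsec-isakmp", "dynamic"]:
            dynamic.setdefault(name, set()).add(seq)
        else:
            static.setdefault(name, set()).add(seq)
    issues = []
    for name, dyn in sorted(dynamic.items()):
        first_dyn = min(dyn)
        # Entries are evaluated in ascending sequence order, so any static
        # entry numbered above the dynamic one is evaluated after it.
        for seq in sorted(s for s in static.get(name, set()) - dyn if s > first_dyn):
            issues.append(f"{name}: static entry {seq} follows dynamic entry {first_dyn}")
    return issues


# Ordering from the reply above (peer address is a constructed placeholder).
GOOD = """
crypto map vpnmap 10 match address production-IPs-ACL
crypto map vpnmap 10 set peer 192.0.2.10
crypto map vpnmap 50 ipsec-isakmp dynamic remote-user-map
crypto map vpnmap interface outside
"""

# Constructed counter-example: dynamic entry numbered below the L2L entry.
BAD = GOOD.replace("vpnmap 50 ipsec-isakmp", "vpnmap 5 ipsec-isakmp")

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, crypto_map_order_issues(cfg) or "ok")
```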
