PIX 525 to VPN concentrator.

In article , AM wrote: :Is it possible to do a IPsec tunnel between devices in the subject? : Easily following IPsec standards? Or using Cisco :tools?

If it is a VPN3000 series, then Yes, Definitely.

: Are there examples?

Yes, in the PIX sample configuration section on cisco.com . Also there are some examples there for connecting to a few other kinds of firewalls by other manufacturers.

May I gather informations required for tunnel from Cisco client and to aplly them to isakmp and IPsec settings on the PIX? Or using Cisco client requires other kind of settings?

Till now towards a customer we have a connection done by Cisco client. But I woould move the endpoint from the sinlge PC to our PIX.

Thanks,

Alex.

In article , AM wrote: :May I gather informations required for tunnel from Cisco client and to aplly them to isakmp and IPsec settings on the :PIX? Or using Cisco client requires other kind of settings?

They should be able to tell you what transform sets they have established and their preferred order.

If not, then you should be able to look in the log window on the Cisco client in order to find out what transforms are being negotiated.

You cannot just read settings off of the software client, as the software client has practically no controls as to which tunnel settings are used.

:Till now towards a customer we have a connection done by Cisco client. But I woould move the endpoint from the sinlge PC :to our PIX.

Worst case is to fire up the PIX, turn on debug crypto isakmp 2 debug crypto ipsec 2

and then watch to see what proposals the other side offers.