 |
NOTE:
At the initial release, the PIX Security Appliance 7.0 software will
not be available for the 501 and 506E models. The configuration steps covered
in this lesson are based on release 6.3.
|
Any PIX Security Appliance unit running version 6.2 or higher can be
configured ass a Cisco Easy VPN Server or an Easy VPN Remote. Using the PIX as
an Easy VPN Server lets the administrator configure the VPN policy in a single
location on the Easy VPN Server. After configuring the VPN policy, Easy VPN
Server can push VPN policy configuration to multiple Easy VPN Remote devices,
which greatly simplifies configuration and administration.
When using PIX
Security Appliance Software Version 6.2 and higher, a PIX 501 or PIX 506/506E
can be used as an Easy VPN Remote device when connecting to an Easy VPN Server,
such as a Cisco VPN 3000 Concentrator, Cisco IOS router, or another PIX
. Easy VPN Remote
device functionality, sometimes called a hardware client, allows the PIX to
establish a VPN tunnel to the Easy VPN Server. Hosts running on the LAN behind
the PIX can connect through the Easy VPN Remote without individually running
any VPN client software.
Each Easy VPN Remote device is assigned to a
group. The administrator use the vpngroup command to
associate security policy attributes with a VPN group name. As Easy VPN Remote
devices establish a VPN tunnel to the Easy VPN Server, the attributes
associated with their group are pushed to the Easy VPN Remote device.
This lesson will focus on the Easy VPN Remote configuration for the client
device.