Define a Group Policy for Mode Configuration Push
When remote VPN clients connect to HQ-PIX, the firewall must push certain configuration
information to them. You configure these parameters using the vpngroup command:
vpngroup remote-users password B#!42Dd
vpngroup remote-users dns-server 10.200.10.35
vpngroup remote-users wins-server 10.100.10.25
vpngroup remote-users default-domain dukem.com
vpngroup remote-users address-pool vpn-pool
vpngroup remote-users idle-time 10
Enable IKE Dead Peer Detection
You need to specify the number of seconds between DPD messages and the number of
seconds between retries (if a DPD message does not receive a response). The syntax for this
command is as follows:
isakmp keepalive seconds [retry-seconds]
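The following added example (not from the original text) parses the vpngroup lines from the group policy section and the isakmp keepalive line described above. It reports any group that lacks a setting the remote-users group defines, and reports when no keepalive line is present. Treating the six remote-users attributes as a required baseline, the contractors group, and the keepalive timer values are assumptions made for illustration.

```python
import re

# Attributes the page sets for remote-users; requiring all six is this example's assumption.
REQUIRED = "password dns-server wins-server default-domain address-pool idle-time".split()
VPNGROUP = re.compile(r"^vpngroup\s+(\S+)\s+(\S+)\s+(.+)$")
KEEPALIVE = re.compile(r"^isakmp\s+keepalive\s+(\d+)(?:\s+(\d+))?$")


def parse(config):
    """Return ({group: {attribute: value}}, (seconds, retry_seconds) or None)."""
    groups, keepalive = {}, None
    for line in config.splitlines():
        m = VPNGROUP.match(line.strip())
        k = KEEPALIVE.match(line.strip())
        if m:
            groups.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
        elif k:  # retry-seconds is optional in the command syntax
            keepalive = (int(k.group(1)), int(k.group(2)) if k.group(2) else None)
    return groups, keepalive


def audit(config):
    """List groups missing pushed settings, and note a missing keepalive line."""
    groups, keepalive = parse(config)
    findings = []
    for name, attrs in sorted(groups.items()):
        missing = [a for a in REQUIRED if a not in attrs]
        if missing:
            findings.append(f"{name}: missing {', '.join(missing)}")
    if keepalive is None:
        findings.append("no isakmp keepalive line found")
    return findings


# Constructed sample: the page's remote-users group, a hypothetical incomplete
# group (contractors), and keepalive timers chosen only for illustration.
SAMPLE = """\
vpngroup remote-users password B#!42Dd
vpngroup remote-users dns-server 10.200.10.35
vpngroup remote-users wins-server 10.100.10.25
vpngroup remote-users default-domain dukem.com
vpngroup remote-users address-pool vpn-pool
vpngroup remote-users idle-time 10
vpngroup contractors password EXAMPLE-ONLY
vpngroup contractors address-pool vpn-pool
isakmp keepalive 30 10
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```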
NOTE You also need to configure the VPN client software on the remote user PCs. This
configuration involves identifying the IP address of HQ-PIX and indicating the VPN group
name (remote-users) and group password (B#!42Dd).
Task 7: Configuring Failover
Failover is configured on the PIX only at the Reston site (HQ-PIX). When configuring
failover, you first configure the failover parameters on the primary PIX Firewall (leaving the