Pix firewall having two site to site connection

Posted by muhammed.imran@gmail.com on April 24, 2007, 10:19 am
Hello,

I am trying to configure a VPN connection between two sites with one PIX
and two routers. Is it possible that my PIX firewall will have two
different site-to-site VPN connections with two routers on different
sites? The firewall has a dynamic IP address and both routers have static IP
addresses. Could anybody help me?


pix > router1
v
router 2

Best Regards,
Muhammed Imran


Posted by Walter Roberson on April 24, 2007, 10:11 pm
>I am trying to configure VPN connection between two sites with one pix
>and two routers. Is it possible that my pix firewall will have two
>different site to site vpn connections with two routers on different
>sites? firewall has dynamic IP address and both routers have static ip
>addresses.

Yes. Use the same 'crypto map' name for both, but put the two
entries into different crypto map policy numbers. If you
are using shared keys, make sure you have a key for each of them.

For example,

crypto map vpn-map 1000 ipsec-isakmp
crypto map vpn-map 1000 match address vpn2cal-acl
crypto map vpn-map 1000 set peer CalpixIP
crypto map vpn-map 1000 set transform-set vca-ea256s
crypto map vpn-map 1001 ipsec-isakmp
crypto map vpn-map 1001 match address vpn2sf-acl
crypto map vpn-map 1001 set peer SFpixIP
crypto map vpn-map 1001 set transform-set vc-ea256s

Also note that you need different ACL names for the two sites,
but your ACL for your nat (inside) 0 access-list will have to
have entries for both destinations.
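
The three points in the reply above (a shared key per peer, a separate ACL per site, and nat 0 entries for both destinations), as an added Python check that is not part of the original posts or any Cisco tool. The sample config is constructed in PIX 6.x style; its addresses, the key placeholder and the `nonat-acl` name are assumptions.

```python
from collections import defaultdict

# Constructed PIX 6.x-style sample: addresses, the key placeholder and the
# nonat-acl name are assumptions. It has two deliberate gaps: no pre-shared
# key for SFpixIP and no NAT exemption for the SF destination.
SAMPLE = """\
access-list vpn2cal-acl permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list vpn2sf-acl permit ip 192.168.1.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list nonat-acl permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.255.0
nat (inside) 0 access-list nonat-acl
isakmp key EXAMPLE-KEY-1 address CalpixIP netmask 255.255.255.255
crypto map vpn-map 1000 match address vpn2cal-acl
crypto map vpn-map 1000 set peer CalpixIP
crypto map vpn-map 1001 match address vpn2sf-acl
crypto map vpn-map 1001 set peer SFpixIP
"""

def audit(config):
    """Check per-peer keys, per-site ACLs and nat 0 coverage; return findings."""
    acls = defaultdict(set)      # ACL name -> {(src, smask, dst, dmask)}
    entries = defaultdict(dict)  # (map name, seq) -> {"acl": ..., "peer": ...}
    keyed, nonat = set(), None   # peers that have a key; name of the nat 0 ACL
    for w in (line.split() for line in config.splitlines()):
        if w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"] and len(w) == 8:
            acls[w[1]].add(tuple(w[4:]))
        elif w[:4] == ["nat", "(inside)", "0", "access-list"] and len(w) == 5:
            nonat = w[4]
        elif w[:2] == ["isakmp", "key"] and w[3:4] == ["address"] and len(w) >= 5:
            keyed.add(w[4])
        elif w[:2] == ["crypto", "map"] and len(w) == 7 and w[4:6] in (
                ["match", "address"], ["set", "peer"]):
            entries[(w[2], w[3])]["acl" if w[4] == "match" else "peer"] = w[6]
    findings, used = [], {}
    for (name, seq), e in sorted(entries.items()):
        peer, acl = e.get("peer"), e.get("acl")
        if peer not in keyed:
            findings.append(f"{name} {seq}: no isakmp key for peer {peer}")
        if acl in used:
            findings.append(f"{name} {seq}: ACL {acl} also used by entry {used[acl]}")
        used.setdefault(acl, seq)
        # Simplification: a flow counts as exempt only if nat 0 lists it verbatim.
        for flow in sorted(acls.get(acl, set()) - acls.get(nonat, set())):
            findings.append(f"{name} {seq}: {flow[2]} {flow[3]} not in nat 0 ACL {nonat}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
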
