Is it possible to have a pix vpning into 2 different networks 1

[RickyTicky]

My office in Hong kong curently vpns into my other office in china using a pix 506e at each site. This is great..but I want to have it so Hong Kong can also vpn into my London site as well as keeping the existing vpn in China. Is this possible? If so, what do I need to do? and do I need to upgrade the o/s to do it? Any help would be greatly appreciated. Thanks Guys.

Hong Kong ------ VPN--------China
|
|
|
London

 

[lgarner]

Certainly. Add another crypto map.

You already have something like:
crypto map MyMap 1 ipsec-isakmp
crypto map MyMap 1 match address aclChina
crypto map MyMap 1 set peer china.ip.address
crypto map MyMap 1 set transform-set MyTransform
crypto map MyMap interface outside

So, add:
crypto map MyMap 2 ipsec-isakmp
crypto map MyMap 2 match address aclLondon
crypto map MyMap 2 set peer london.ip.address
crypto map MyMap 2 set transform-set MyTransform

Keep in mind that for China and London to communicate, you'll need a tunnel between them as well, though I understand that FOS 7 overcomes this.

 

[RickyTicky]

Thanks the quick reply Lgarner, so its a case of just adding an additional crypto map then. I also have isakmp statements in my config, will I have to repeat these as well specifying the peer address for London?

 

[lgarner]

Yes, repeat the "isakmp key" statements with the London address and the same or a different key.