
PIX Firewall connecting with 2 remote sites site-to-site, is it possible?


absantos (IS-IT--Management)
Apr 16, 2003
I have 1 site with a PIX (520 model) and just 1 site-to-site connection, which works well.
But I'm trying to configure another site to connect to this same PIX.
So far it has been impossible.

Is this possible???
Is it possible to use the PIX like a VPN concentrator (IPsec)?
How do I build the crypto map tables??

I'm trying with this configuration (but it is not working):

nat (inside) 0 access-list 101 (ACL with the no-NAT addresses: range of site 1 and range of site 2)
nat (inside) 1 10.0.0.0 255.0.0.0 0 0

crypto ipsec transform-set TS2 esp-3des esp-md5-hmac

crypto map CLIENTE 10 ipsec-isakmp
crypto map CLIENTE 10 match address 81 (that is the ACL with the address range of site 1)
crypto map CLIENTE 10 set peer 80.x.x.2 (public address of remote PIX 1)
crypto map CLIENTE 10 set transform-set TS2

crypto map CLIENTE 11 ipsec-isakmp
crypto map CLIENTE 11 match address 82 (that is the ACL with the address range of site 2)
crypto map CLIENTE 11 set peer 66.x.x.2 (public address of remote PIX 2)
crypto map CLIENTE 11 set transform-set TS2

crypto map CLIENTE client configuration address initiate
isakmp enable internet

crypto map CLIENTE interface internet (this is the outside interface)

isakmp key ******** address 80.x.x.2 netmask 255.255.255.255 no-config-mode
isakmp key ******** address 66.x.x.2 netmask 255.255.255.255 no-config-mode

isakmp identity address
isakmp policy 8 authentication pre-share
isakmp policy 8 encryption 3des
isakmp policy 8 hash md5
isakmp policy 8 group 2
isakmp policy 8 lifetime 28800

Please help me!!

Thanks!

Alexsander
Sao Paulo - Brazil

Alexsander Santos
Network Analyst
Brazil
 
Hi.

> Is this possible???
Yes. Here are some samples:

Some troubleshooting tips:
* Use syslog messages.
* Remember that it takes two to tango (or to build a VPN): check the remote devices, not only the main office.
* Use ipsec debug commands:
* Can each VPN peer ping the other?
* Check the mirrored access-list of interesting traffic and nat 0 on both sides.


Yizhar Hurwitz
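The two checks from the reply above (mirrored interesting-traffic access-lists and nat 0 on both sides) applied to the two-peer layout in the original post, as an added example that is not from the thread and not a Cisco tool. The script parses PIX 6.x "access-list <id> permit ip <src> <mask> <dst> <mask>" lines from a hub config and a spoke config, reports every crypto-ACL entry on one peer that has no exact mirror (dst -> src) on the other, and reports every crypto-ACL entry that is not covered by the nat 0 ACL, because such traffic is translated by "nat (inside) 1" before it reaches the crypto map and never matches. ACL numbers 81, 82 and 101 follow the post; the LAN ranges, the spoke ACL numbers 90 and 100, and both sample configs are constructed for this example.

```python
import ipaddress
import re
from collections import defaultdict

# PIX 6.x access-list syntax, used both for the crypto ACL ("match address")
# and for the NAT exemption ACL ("nat (inside) 0 access-list ..."):
#   access-list <id> permit ip <src> <src-mask> <dst> <dst-mask>
# PIX access-lists take real subnet masks (not wildcard masks), so the
# address/mask pair can be fed straight into ipaddress.ip_network().
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$"
)


def parse_acls(config_text):
    """Map ACL id -> list of (src_network, dst_network) for the 'permit ip' lines."""
    acls = defaultdict(list)
    for raw in config_text.splitlines():
        m = ACL_RE.match(raw.strip())
        if not m:
            continue  # nat, crypto map, isakmp ... lines are not needed here
        acl_id, src, src_mask, dst, dst_mask = m.groups()
        acls[acl_id].append((ipaddress.ip_network(f"{src}/{src_mask}"),
                             ipaddress.ip_network(f"{dst}/{dst_mask}")))
    return dict(acls)


def _fmt(entry):
    src, dst = entry
    return f"{src} -> {dst}"


def mirror_gaps(local_entries, remote_entries):
    """Local crypto-ACL entries whose exact mirror (dst -> src) is absent on the peer.
    The proxy identities negotiated in IKE phase 2 must match on both sides."""
    mirrored = {(dst, src) for src, dst in remote_entries}
    return [_fmt(e) for e in local_entries if e not in mirrored]


def nat_exemption_gaps(nat0_entries, crypto_entries):
    """Crypto-ACL entries not fully covered by a nat 0 entry on the same box."""
    return [_fmt((src, dst)) for src, dst in crypto_entries
            if not any(src.subnet_of(n_src) and dst.subnet_of(n_dst)
                       for n_src, n_dst in nat0_entries)]


def check_tunnel(hub_cfg, hub_crypto_acl, hub_nat0_acl,
                 spoke_cfg, spoke_crypto_acl, spoke_nat0_acl):
    """Run both checks for one hub<->spoke tunnel; empty lists mean the check passed."""
    hub, spoke = parse_acls(hub_cfg), parse_acls(spoke_cfg)
    h_crypto, h_nat0 = hub.get(hub_crypto_acl, []), hub.get(hub_nat0_acl, [])
    s_crypto, s_nat0 = spoke.get(spoke_crypto_acl, []), spoke.get(spoke_nat0_acl, [])
    return {
        "hub_entries_without_mirror_on_spoke": mirror_gaps(h_crypto, s_crypto),
        "spoke_entries_without_mirror_on_hub": mirror_gaps(s_crypto, h_crypto),
        "hub_crypto_traffic_not_nat_exempt": nat_exemption_gaps(h_nat0, h_crypto),
        "spoke_crypto_traffic_not_nat_exempt": nat_exemption_gaps(s_nat0, s_crypto),
    }


# Constructed sample configs (not from the thread): hub LAN 10.10.0.0/16,
# site 1 LAN 10.20.0.0/16, site 2 LAN 10.30.0.0/16. ACL ids 81/82/101 follow the post.
# The hub's nat 0 ACL 101 was never extended for site 2 when the second tunnel was added.
HUB_CFG = """
access-list 101 permit ip 10.10.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list 81 permit ip 10.10.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list 82 permit ip 10.10.0.0 255.255.0.0 10.30.0.0 255.255.0.0
nat (inside) 0 access-list 101
nat (inside) 1 10.0.0.0 255.0.0.0 0 0
crypto map CLIENTE 10 match address 81
crypto map CLIENTE 11 match address 82
"""

# Site 1 (constructed): exact mirror of hub ACL 81, nat 0 in place.
SITE1_CFG = """
access-list 90 permit ip 10.20.0.0 255.255.0.0 10.10.0.0 255.255.0.0
access-list 100 permit ip 10.20.0.0 255.255.0.0 10.10.0.0 255.255.0.0
nat (inside) 0 access-list 100
"""

# Site 2 (constructed): a /24 mask where the hub uses /16, so the proxy IDs differ.
SITE2_CFG = """
access-list 90 permit ip 10.30.0.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list 100 permit ip 10.30.0.0 255.255.255.0 10.10.0.0 255.255.0.0
nat (inside) 0 access-list 100
"""

if __name__ == "__main__":
    for site, cfg, acl in (("site 1", SITE1_CFG, "81"), ("site 2", SITE2_CFG, "82")):
        print(site, check_tunnel(HUB_CFG, acl, "101", cfg, "90", "100"))
```

Running it reports nothing for site 1, while site 2 shows both faults the reply warns about: the hub entry 10.10.0.0/16 -> 10.30.0.0/16 has no mirror on the spoke (the spoke's /24 entry does not mirror it either), and the same hub entry is missing from nat 0 ACL 101, so site 2 traffic leaves the hub translated by "nat (inside) 1" instead of entering the tunnel.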
 