Hi!
I have some problems understanding site-to-site VPN.
Location A is a standard office network. 50 users behind a PIX 515E (newest ios, newest pdm). Users connect to the internet via PAT. Users log in remotely via PPTP VPN. The PIX is the VPN server and authenticates the users against an Active Directory RADIUS server in the inside network. Works like a charm.
Location B is a new office that we are building up in Austria. There we have a DSL connection to the internet with one fixed IP number. I use a PIX 506E (same ios, same pdm) to connect the users to the internet (PAT). Works great.
Now I need to connect both offices via PIX-to-PIX VPN. That's when my problems start. I configured both PIXes with the PDM (shame on me, but I like this tool <g>). After finishing the wizard on both sides I have an IPsec VPN tunnel up and running (says the monitoring tool in the PDM). The problem is that I can't connect anywhere. In my understanding this VPN tunnel should work like a standard VPN connection that I get when I use my VPN client on my notebook and connect to location A. That means it should behave like I'm in the office, just a little bit slower. What am I doing wrong?
1) In the VPN wizard's traffic selector section, on the local site (protected by this PIX) I use the inside network of location A (192.168.100.0/24) on the inside interface. On the next page I use the inside network of location B (10.49.10.0/24) on the outside interface. On the other PIX in location B I configured it the other way round. The PDM then cannot find 10.49.10.0 255.255.255.0 on the outside interface and asks me to add this host or network. Do I need to do this?
2) After finishing the wizard on both sites the VPN connection is established. Still, I can't connect anywhere. Do I have to add some additional routing entries? Or is the wizard all I have to do? What about access lists? I have checked the option to bypass the access check for IPSec and L2TP traffic, so I have not configured any access list for the VPN tunnel. Is this correct?
3) The network configuration on the clients is very simple. It comes from DHCP and has the PIX as the only gateway. Is this OK?
4) What about this Easy VPN Remote feature? Easy sounds good to me. I have a working VPN server (the PIX) in location A. Can I connect the PIX in location B with Easy VPN? Do I use the client mode or the network extension mode? What does that mean for my network configuration?
So these are a lot of questions, I think. Maybe you can help me with some points. I'm glad for any help. Thank you!
best regards from Hamburg/Germany
Fritjof