Pix VPN config query

[hoinvip]

We've got a requirement to have a central PIX (515E) providing multiple VPN tunnels to remote sites. Quick diag below:

CENTRAL 515E
/ / / SITEA SITE B

My central site has an internal 192.168.1.x network and each remote site will be 192.168.10.x and 192.168.11.x etc..

My question is, do I need completely separate crypto map configs for each one? I've tried configuring site B recently but every time I try it, I lose my existing VPN connection to site A so I know I'm going wrong somewhere.

I'd also quite like to setup the VPN client software for dial-up users but despite seemingly connecting up to the 515E, I cannot then get a session to open properly.

Does anyone have any help they can offer me on this please?

TIA,

Peter

 

[yizhar]

HI.

> do I need completely separate crypto map configs for each one?
No.
You can have only a single crypto map.
The same crypto map will have several entries. An entry for each remote site, and an entry for roaming users if you add this later:
crypto map mapname 10 ...
ctypto map mapname 20 ...
...

What version of Pix and PDM do you have?
PDM ver 2 can generate VPN config for you.

You can use pixcript to generate sample config.

http://teachers.sivan.co.il/yizhar#pixcript

And refer to Cisco samples:

http://www.cisco.com/pcgi-bin/Suppo...ementation_and_Configuration#Samples_and_Tips

http://www.cisco.com/warp/public/110/pixhubspoke.html

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar