Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN between 5 Pix501

Status
Not open for further replies.
ebusdk

ebusdk

IS-IT--Management
Jan 20, 2005
18
0
0
DK
Hi
Im trying to set up the following:

All the local sites should be able to se the Mainsite "bsn-sverige" and all the other local networks.
I cant get the pix's to work.
If any of you have a running config of the mentioned, please show it to me so I can learn a little
 
Sort by date Sort by votes
Basically what you need is fully meshed, and your will need 5 tunnels from each pix to the other 5 pix'es since you cannot relay the traffic through the swedish main site with a pix.

If you have one tunnel running the other tunnels should be pretty simple to replicate.

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
Upvote 0 Downvote
Do you have a sampel of that?

The current LAN is like this:

Sweden:
IP : 192.168.1.1-255
SN : 255.255.0.0
GW : 192.168.1.254

Denmark:
IP : 192.168.2.1-255
SN : 255.255.0.0
GW : 192.168.2.254

Dont i have to change the Subnet mask to 255.255.255.0 when i make all the tunnels?


 
Upvote 0 Downvote
Do you have a sampel of that?

The current LAN is like this:

Sweden:
IP : 192.168.1.1-255
SN : 255.255.0.0
GW : 192.168.1.254

Denmark:
IP : 192.168.2.1-255
SN : 255.255.0.0
GW : 192.168.2.254

Dont i have to change the Subnet mask to 255.255.255.0 when i make all the tunnels?
 
Upvote 0 Downvote
The pc's will be a problem as they will believe that they are part of 192.168.0.0/16 and as such will never forward traffic to their default gateway as they would think that the destination 192.168.2.x is part of their own lan.

you would need to nat the entire danish/swedish lan before encrypting which is not a pretty thing.

is full of examples on lan-to-lan tunneling on the pix, try searching.

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
Upvote 0 Downvote
wouldent it be better to change the lan subnet to 255.255.255.0? I mean, if i change the lan like this:

Sweden:
IP : 192.168.1.1-255
SN : 255.255.255.0
GW : 192.168.1.254 (router lan)

Denmark:
IP : 192.168.2.1-255
SN : 255.255.255.0
GW : 192.168.2.254 (router lan)

Regards Kristoffer
 
Upvote 0 Downvote
That is kindup to you. If that new IP structure will work for you then, by all means, go for it.


It is what it is!!
__________________________________
A+, Net+, I-Net+, Certified Web Master, MCP, MCSA, MCSE, CCNA, CCDA, and few others (I got bored one day)
 
Upvote 0 Downvote
Ya, but then you would have to change the setup on the pc's as well.


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
Upvote 0 Downvote
the PC's is not a problem (Running DHCP) the servers will take 3 minutes to change with a VBS script in a policy. The Printes on the other hand will take forever :-(
 
Upvote 0 Downvote
Well, yes then your own solution would be best.
Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
241
intel233
intel233
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
80
WhosYourDiffie
WhosYourDiffie
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
106
gkittelson
gkittelson
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
297
Shmid
Shmid
ITSUPPORTIT
  • Locked
  • Question
VPN from ASA 5510 and RV215W problem
Replies
0
Views
73
ITSUPPORTIT
ITSUPPORTIT

Part and Inventory Search

Sponsor

Back
Top