
Site to site VPN using 501 PIX

woods8
Level 1

Hi,

I am a newcomer to Cisco PIXes and I am trying to set up an IPsec VPN between 2 sites. I can't seem to get the VPN tunnel up. Attached are the 2 configs.

Any advice would be very much appreciated.

Thanks in advance.

3 Replies

t-heeter
Level 1

A small topology diagram would help. Here's a starter.

Site A Pix needs

nat (inside) 0 access-list 100

Site B Pix

crypto map newmap 40 match address 140, NOT 150, access-list 150 does not exist

nat (inside) 0 access-list 100

ajagadee
Cisco Employee

Paul,

On FORUM SitA Pix, add the below lines to the configuration.

nat (inside) 0 access-list 100

On FORUM SitB Pix, reconfigure the match address from

crypto map newmap 40 match address 150

To

crypto map newmap 40 match address 140

And if you want to allow FORUM Site B users to have internet access, then you need to configure NAT for NATting all internet traffic and NAT 0 to bypass NAT for IPsec traffic.

For example:

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

nat (inside) 0 access-list 100

After you make the above configuration changes, do a clear xlate, clear cry is sa and clear cry ipsec sa and then bring up the tunnel.

Let me know how it goes.

I hope it helps.

Regards,

Arul

** Please rate all helpful posts **
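
A small offline check for the two mistakes pointed out in the replies above (a crypto map matching an access-list that is not defined, and a missing NAT exemption), added here as an example and not part of any poster's reply. The sample configuration and its addresses are constructed, since the attached configs are not shown, and the parser only understands `permit ip <net> <mask> <net> <mask>` entries.

```python
import re

# Constructed sample resembling the Site B problem described in the thread;
# addresses are private/documentation ranges, not taken from the attached configs.
SITE_B = """\
access-list 100 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 140 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
crypto map newmap 40 ipsec-isakmp
crypto map newmap 40 match address 150
crypto map newmap 40 set peer 203.0.113.1
"""

def acl_entries(config):
    """Map ACL name -> set of (src, smask, dst, dmask) from 'permit ip' lines."""
    acls = {}
    pat = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)\s*$")
    for line in config.splitlines():
        m = pat.match(line.strip())
        if m:
            acls.setdefault(m.group(1), set()).add(m.groups()[1:])
    return acls

def lint(config):
    """Return findings for the two mistakes discussed in the replies."""
    findings = []
    acls = acl_entries(config)
    lines = [l.strip() for l in config.splitlines()]
    # ACLs used for NAT exemption on the inside interface
    nat0 = [m.group(1) for l in lines
            if (m := re.match(r"^nat \(inside\) 0 access-list (\S+)$", l))]
    if not nat0:
        findings.append("no 'nat (inside) 0 access-list <acl>' (NAT exemption missing)")
    for l in lines:
        m = re.match(r"^crypto map (\S+) (\d+) match address (\S+)$", l)
        if not m:
            continue
        name = m.group(3)
        if name not in acls:
            findings.append(f"crypto map {m.group(1)} {m.group(2)} matches undefined access-list {name}")
        elif nat0 and not any(acls[name] <= acls.get(n, set()) for n in nat0):
            findings.append(f"traffic in access-list {name} is not covered by a nat 0 access-list")
    return findings

if __name__ == "__main__":
    for finding in lint(SITE_B):
        print(finding)
```
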

jmia
Level 7

Hi

Take a look at the following document - very good to get you going:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml

Hope this helps and please rate posts!
