09-11-2002 11:10 PM - edited 03-09-2019 12:17 AM
I'm using site to site vpn on pix 501's using pre-shared keys. I just followed the instructions contained at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/config/sit2site.htm
what do I need to add to these configs if I have multiple internal networks on each pix. ie the above doc as an internal network of 192.168.12.0 on pix firewall 1 and and 10.0.0.0 on pix firewall 2 if there is additional internal networks on pix firewall 1 ie 192.168.13.0 and an additional internal network on pix firewall 2 of 10.0.1.0 what additional commands have to be added to the config.
09-12-2002 03:50 PM
Hi Corey,
In this case, you just need to add to the existing access-lists attached to the crypto map and so lets say your access-list has the following right now:
access-list 90 permit ip 192.168.12.0 255.255.255.0 10.0.0.0 255.255.255.0
So what you add is the following to this access-list for your situation:
access-list 90 permit ip 192.168.13.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list 90 permit ip 192.168.12.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list 90 permit ip 192.168.13.0 255.255.255.0 10.0.1.0 255.255.255.0
Kindly let me know if this explains it fine,
Regards,
Aamir
-=-=-
09-12-2002 06:41 PM
would these access-lists be added to both pix's? if so would they be in the same format?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide