06-06-2005 03:39 AM - edited 02-21-2020 01:48 PM
Hi All,
I'm pulling my hair out trying to get a really basic vpn running between 2 pix 501's on my work-bench. The PIX's are connected by a cross-over cable on their outside ports and I have followed the following protocol to get it up and running:-
Firstly, is a cross-over cable ok between 2 501's or should I shove a switch in?
Secondly, I believe the VPN becomes active once data starts flowing, is that right? So, a silly question I know, but is it enough just to have a pix on the other end, or should I have some other device such as a laptop on the inside of the remote network to connect to?
thridly, thanks for all your help on this as I've spent a week pulling hair out and not getting anywhere with a deadline looming fast! I'm on msn at webstyleinternet@hotmail.com is anyone is feeling particularly charitable :-)
cheers
Rob
06-06-2005 06:09 AM
Hi Rob,
Without any configuration info or diagnosis done thus far, it is difficult to comment.
However, if you are implementing the configs as shown in the link you provided, then a crossover will not work as the two outside interfaces are in different networks and therefore require a router to communicate.
Have you verified basic connectivity between the two boxes?
06-07-2005 08:18 AM
You do need to pass information through the tunnel before it is established. You can confirm the tunnel with the command sh crypto isakmp sa
You might want to post a copy of the config youre using from one of the PIXs. Just zero out anything dont want to make public.
06-07-2005 10:44 AM
Yes a copy of the config will help.
But just a little hint;
I once configured a VPN between two pix plugged together, and i got some routing error messages.
Usually, if you plug two PC on the same subnet, you don't need to define a default route on the PCs. They are on the same subnet.
But with the PIX, even thought both outside interface were on the same subnet, and VPN traffic is from peer to peer , i still add to define a route outside command to get the VPN
up and running.
This was with 6.3(3)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide