cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
359
Views
0
Helpful
3
Replies

501 site - site VPN...HELP!!

rob
Level 1
Level 1

Hi All,

I'm pulling my hair out trying to get a really basic vpn running between 2 pix 501's on my work-bench. The PIX's are connected by a cross-over cable on their outside ports and I have followed the following protocol to get it up and running:-

http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/products_configuration_example09186a0080094497.shtml#configs

Firstly, is a cross-over cable ok between 2 501's or should I shove a switch in?

Secondly, I believe the VPN becomes active once data starts flowing, is that right? So, a silly question I know, but is it enough just to have a pix on the other end, or should I have some other device such as a laptop on the inside of the remote network to connect to?

thridly, thanks for all your help on this as I've spent a week pulling hair out and not getting anywhere with a deadline looming fast! I'm on msn at webstyleinternet@hotmail.com is anyone is feeling particularly charitable :-)

cheers

Rob

3 Replies 3

Hi Rob,

Without any configuration info or diagnosis done thus far, it is difficult to comment.

However, if you are implementing the configs as shown in the link you provided, then a crossover will not work as the two outside interfaces are in different networks and therefore require a router to communicate.

Have you verified basic connectivity between the two boxes?

mictho
Level 1
Level 1

You do need to pass information through the tunnel before it is established. You can confirm the tunnel with the command sh crypto isakmp sa

You might want to post a copy of the config you’re using from one of the PIX’s. Just zero out anything don’t want to make public.

Yes a copy of the config will help.

But just a little hint;

I once configured a VPN between two pix plugged together, and i got some routing error messages.

Usually, if you plug two PC on the same subnet, you don't need to define a default route on the PCs. They are on the same subnet.

But with the PIX, even thought both outside interface were on the same subnet, and VPN traffic is from peer to peer , i still add to define a route outside command to get the VPN

up and running.

This was with 6.3(3)