Re: bidirectional vpn

cfajardo1_2 · ‎03-04-2006

hi,

is it possible to have a bidirecional vpn on a pix to pix configuration?

thanks

jackko · ‎03-05-2006

just wondering if you are referring to a lan-lan vpn, which can be established from either sites. one requirement for this scenario is that both sites have to have a static ip.

cfajardo1_2 · ‎03-05-2006

yes..its lan to lan vpn...actually the existing vpn is already there and it was a hub and spoke. There are 2 spokes and evrything is working fine but only in the direction from spokes to hub.

Now that we hav a public ip on one of the spokes, our objective now is to do bidirectional VPN on this hub to the spoke.

Any sample configuration of this kind if you have will be very much appreciated.

jackko · ‎03-05-2006

below are the sample codes:

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list 121 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

ip address outside 1.1.1.1 255.255.255.0

ip address inside 192.168.1.1 255.255.255.0

global (outside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map myvpn 10 ipsec-isakmp

crypto map myvpn 10 match address 121

crypto map myvpn 10 set peer 1.1.1.2

crypto map myvpn 10 set transform-set myset

crypto map myvpn interface outside

isakmp enable outside

isakmp key cisco123 address 1.1.1.2 netmask 255.255.255.255 no-xauth no-config-mode

isakmp identity address

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400