03-04-2006 08:27 AM - edited 02-21-2020 02:17 PM
hi,
is it possible to have a bidirecional vpn on a pix to pix configuration?
thanks
03-05-2006 12:38 AM
just wondering if you are referring to a lan-lan vpn, which can be established from either sites. one requirement for this scenario is that both sites have to have a static ip.
03-05-2006 05:35 AM
yes..its lan to lan vpn...actually the existing vpn is already there and it was a hub and spoke. There are 2 spokes and evrything is working fine but only in the direction from spokes to hub.
Now that we hav a public ip on one of the spokes, our objective now is to do bidirectional VPN on this hub to the spoke.
Any sample configuration of this kind if you have will be very much appreciated.
03-05-2006 05:44 AM
below are the sample codes:
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 121 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
ip address outside 1.1.1.1 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map myvpn 10 ipsec-isakmp
crypto map myvpn 10 match address 121
crypto map myvpn 10 set peer 1.1.1.2
crypto map myvpn 10 set transform-set myset
crypto map myvpn interface outside
isakmp enable outside
isakmp key cisco123 address 1.1.1.2 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide