
multiple site to site and site to client vpn

kjanakiraman
Level 1

I have a Cisco PIX 5.15 with 6.1(4) IOS. I have implemented VPN for my mobile users and it is working fine. Now I need to implement site to site with three remote offices. Should I create three different crypto and isakmp authentication like

crypto ipsec transform-set set1 esp-des esp-md5-hmac

crypto ipsec transform-set set2 esp-des esp-md5-hmac

crypto ipsec transform-set set4 esp-des esp-md5-hmac

for these three site to site VPNs, and create three different crypto maps to associate with the three transform sets, and three different isakmp policies, one for each site? And a fourth one with dynamic crypto and policy for remote clients to connect?

Is this the way to configure it?

Can someone advise me how to proceed?

Thanks in Advance

2 Replies

awaheed
Cisco Employee

Hi,

You do not have to define separate transform sets for each IPSec tunnel; kindly look at the config for the Central PIX in the following sample: http://www.cisco.com/warp/public/110/pixhubspoke.html

Additionally, you can only have one crypto map applied per interface, so you will use the same crypto map name but with a different instance number. Client and Site to Site on PIX can be implemented as per the following:

http://www.cisco.com/warp/public/110/pixpixvpn.html

Hope this helps,

Regards,

Aamir
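A small checker for the layout described in the reply above (one crypto map name per interface, one instance number per site, a shared transform set), added here as an example that is not part of the original thread and not Cisco's code. The function name `check_crypto_maps`, the `SAMPLE` config, its peer addresses and its ACL numbers are all assumptions made for illustration.

```python
from collections import defaultdict
# Constructed hub config, not from the thread: peer addresses and ACL numbers
# are placeholders; map and transform-set names follow the poster's config.
SAMPLE = """\
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap 20 ipsec-isakmp
crypto map mymap 20 match address 120
crypto map mymap 20 set peer 192.0.2.20
crypto map mymap 20 set transform-set myset
crypto map mymap 30 ipsec-isakmp
crypto map mymap 30 match address 130
crypto map mymap 30 set peer 192.0.2.30
crypto map mymap 30 set transform-set myset
crypto map mymap interface outside
"""

def check_crypto_maps(config):
    """Return findings about the crypto map layout in a draft PIX config."""
    tsets, bound = set(), defaultdict(set)   # defined sets; interface -> map names
    entries = defaultdict(dict)              # (map, instance) -> settings seen
    for w in (line.split() for line in config.splitlines()):
        if w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 3:
            tsets.add(w[3])
        elif w[:2] == ["crypto", "map"] and len(w) > 4:
            name, key = w[2], w[3]
            if key == "interface":
                bound[w[4]].add(name)
            elif key.isdigit():
                e = entries[(name, int(key))]
                if "dynamic" in w[4:]:
                    e["dynamic"] = True      # client entry: no peer or ACL needed
                elif len(w) > 6 and w[4] in ("match", "set"):
                    e[w[5]] = w[6:]          # address / peer / transform-set
    findings = [f"{i}: {len(n)} crypto maps bound"   # only one map per interface
                for i, n in sorted(bound.items()) if len(n) > 1]
    attached = set().union(*bound.values())
    for (name, seq), e in sorted(entries.items()):
        if name not in attached:
            findings.append(f"{name} {seq}: map not applied to an interface")
        if e.get("dynamic"):
            continue
        for need in ("address", "peer", "transform-set"):
            if need not in e:
                findings.append(f"{name} {seq}: missing {need}")
        findings += [f"{name} {seq}: undefined transform-set {t}"
                     for t in e.get("transform-set", []) if t not in tsets]
    return findings
```

Run against a draft that defines a separate crypto map per site, it reports the maps that never reach the interface.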

-=-=-

Thanks a lot.

In this case, is it enough if I have one policy defined? For example, currently I have

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap client authentication authinbound

isakmp enable outside

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

for my remote clients to connect to the central site. Now if I want to have site to site, then I will define a crypto map with a different instance number, say for example 20. Should I create isakmp policy 20 authentication pre-share .... des, md5 for the new crypto map?

Thanks in Advance