12-04-2009 01:28 PM
OK, here is my setup:
ASA 5505 - 192.168.3.1
PIX 501 - 192.168.1.1
PIX 501 - 192.168.1.2
The ASA and the first pix device (192.168.1.1) are connected via site-to-site VPN on the ASA side and the connection works great. I can access hosts in either direction from either network.
I'm attempting to add the second pix device to the ASA's site-to-site configuration, but it's not working. I suspect it's because the devices are on the same subnet, but I'm hoing to find a workaround.
When I have both PIX devices setup for site-to-site on the ASA, the VPN works only for the connection that has the highest priority. The device with the lower priority can only ping the 192.168.3.1 network, but full network connections fail.
Is it possible to do this without changing the subnet on the second PIX?
01-23-2013 12:42 PM
How are you attempting to bring the tunnels up? By pinging something in the 192.168.102.0 or 192.168.101.0 networks, respectively, from an internal machine (not the firewall or packet-tracer)?
Your PSK matches, too, right? Anything from the crypto debugs on both sides?
James
01-23-2013 12:41 PM
Ignore the previous response. GNS3 decided to be a pain. It works - thank you very much
01-23-2013 12:45 PM
Oh good! Glad to see it worked for you
If you have any other questions feel free to ask. I don't frequent the forums that often. In fact, this post is over 3 years old!
James
01-23-2013 12:47 PM
I appreciate that. I will definitely keep you on my contacts list
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide