Re: Vpn between Pix 501 and 501 and vpn concentrator

criitdept · ‎11-29-2005

Dear all

I currently have a main site and a few remote sites.

At the Main site i have a vpn concentrator 3005 and at the remote sites they have PIX 501's and have VPN's between the PIX's and Concentrator.

I want to now set up a VPN between two of the remote site as well.

Does anyone know of a guide for this and if there is anything specific i need to do to the clients or firewalls.

The firewalls are running version 6.3

Thanks

James

gfullage · ‎11-29-2005

You're basically setting up a fully-meshed network of tunnels here, this is defined in the following sample config:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00800a2cce.shtml

criitdept · ‎11-30-2005

Thanks for the guide.

I have set everything up as instructed in the guide but when i try to access anything on the second tunnel it trys to send everything to the peer on the first tunnel

Any ideas why this would be

Cheers

James

gfullage · ‎11-30-2005

The traffic that issent to a particular peer is defined by the crypto access-list associated with that peer. If you are seeing that traffic is going to the first peer then that is becase the crypto ACL for your first peer includes that traffic pattern.

You need to narrow down the traffic that is going to your first peer so that it doesn't include traffic for the second peer, then define that traffic in the ACL to your second peer.