From: Elias Udechime (euchime@xxxxxxxxx)
Date: Fri Jun 07 2002 - 16:48:28 GMT-3
Hi all,
I am trying to tunnel multiple PIX VPNs to one PIX. I
got choked on how to configure a point-to-multipoint
PIX-to-PIX VPN (IPsec, SHA, 3DES).
The problem is: how can I configure PIX1 to accept
IPsec tunnels from the other three? I know that the
other three PIXes need to have the same config.
Drawing:
        10.20.22.84
          |---------------------- Pix2 (10.2.1.1)
Pix1 -----|---------------------- Pix3 (10.3.1.1)
          |---------------------- Pix4 (10.4.1.1)
Here is my confused configuration:
access-list 101 permit ip 10.20.22.84 255.255.255.255 10.2.1.1 255.255.255.0
access-list 101 permit ip 10.20.22.84 255.255.255.255 10.3.1.1 255.255.255.0
access-list 101 permit ip 10.20.22.84 255.255.255.255 10.4.1.1 255.255.255.0
nat (inside) 0 access-list 101
sysopt connection permit-ipsec
Isakmp enable outside
Isakmp identity address
Isakmp Disable Ethernet1
Isakmp disable Ethernet2
Isakmp disable Ethernet3
crypto map engineering interface outside
crypto map engineering 10 match address 101
crypto map engineering 10 set peer 10.4.1.1
crypto map engineering 10 set peer 10.3.1.1
crypto map engineering 10 set peer 10.2.1.1
Isakmp policy 10 encryption 3des
Isakmp policy 10 hash sha
Isakmp policy 10 authentication pre-share
Isakmp policy 10 group 2
Isakmp policy 10 lifetime 28800
crypto ipsec transform-set Head esp-3des esp-sha-hmac
crypto map Head 10 ipsec-isakmp
match address 101
set transform-set Head
crypto ipsec security-association lifetime 3600
vpngroup vpn address-pool ippool
vpngroup vpn dns-server X.X.X.X
vpngroup vpn wins-server X.X.X.X
vpngroup vpn default-domain Next_Kins.com
vpngroup vpn idle-time 1800
vpngroup vpn password ********
vpngroup vpn split-tunnel 101
telnet timeout 5
ssh timeout 5
terminal width 80
PIX520 platform 5.1(2)
Thanks for your help.
Elias
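
An added example, not part of the original post: a small Python check that reads the prefixed `access-list` and `crypto map` lines quoted above and reports internal inconsistencies (a map applied to an interface but never completed, a map defined but never applied, ACL addresses with host bits set under their mask, several peers sharing one match ACL). The finding codes and the `audit` function are hypothetical names; the check compares the lines with each other and does not model PIX behaviour.

```python
import ipaddress
from collections import defaultdict

# Constructed input: the prefixed access-list / crypto lines from the post, wrapped lines rejoined.
CONFIG = """\
access-list 101 permit ip 10.20.22.84 255.255.255.255 10.2.1.1 255.255.255.0
access-list 101 permit ip 10.20.22.84 255.255.255.255 10.3.1.1 255.255.255.0
access-list 101 permit ip 10.20.22.84 255.255.255.255 10.4.1.1 255.255.255.0
crypto map engineering interface outside
crypto map engineering 10 match address 101
crypto map engineering 10 set peer 10.4.1.1
crypto map engineering 10 set peer 10.3.1.1
crypto map engineering 10 set peer 10.2.1.1
crypto ipsec transform-set Head esp-3des esp-sha-hmac
crypto map Head 10 ipsec-isakmp
"""

def audit(config):
    """Return a list of (code, detail) consistency findings."""
    findings, applied = [], set()
    entries = defaultdict(list)          # (map name, seq) -> list of sub-commands
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["crypto", "map"] and len(tok) >= 4:
            if tok[3] == "interface":
                applied.add(tok[2])      # map name bound to an interface
            else:
                entries[(tok[2], tok[3])].append(tok[4:])
        elif tok[:1] == ["access-list"] and len(tok) == 8:  # id permit ip src mask dst mask
            for addr, mask in (tok[4:6], tok[6:8]):
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
                if str(net.network_address) != addr:
                    findings.append(("acl-host-bits", f"{addr} {mask} -> {net}"))
    for (name, seq), cmds in sorted(entries.items()):
        if name not in applied:
            findings.append(("map-not-applied", f"{name} {seq}"))
            continue
        if ["ipsec-isakmp"] not in cmds:
            findings.append(("no-ipsec-isakmp", f"{name} {seq}"))
        if not any(c[:2] == ["set", "transform-set"] for c in cmds):
            findings.append(("no-transform-set", f"{name} {seq}"))
        peers = [c[2] for c in cmds if c[:2] == ["set", "peer"]]
        if len(peers) > 1:               # every peer in this entry uses the same match ACL
            findings.append(("peers-share-acl", f"{name} {seq}: {', '.join(peers)}"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(CONFIG):
        print(f"{code:18} {detail}")
```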