Re: pix to pix vpn

From: netwrkx (netwrkx@myeastern.com)
Date: Thu Jan 08 2004 - 22:00:10 GMT-3


The PIX will see the directly connected network, but the site-to-site is from
an inside network. The PIX does not know about the other PIX's inside
network. The only way I know of to set this up without the "route" is when
you dynamically obtain the outside interface and use "setroute".

-TV

----- Original Message -----
From: "Wright, Jeremy" <wright@admworld.com>
To: <security@groupstudy.com>
Cc: <ccielab@groupstudy.com>
Sent: Thursday, January 08, 2004 5:04 PM
Subject: pix to pix vpn

> I have a very basic site-to-site VPN between 2 PIXes. They are cabled back
> to back. The IP address on the outside interface of pixA is 1.1.1.1/24 and
> the outside interface of pixB is 1.1.1.2/24. All of my crypto and isakmp
> parameters are correct and the ACLs are mirror images of each other. pixA
> isakmp peer and crypto peer point to 1.1.1.2 and pixB isakmp and crypto
> endpoints point to 1.1.1.1. I can only get it to work if each PIX has a
> default route pointing to the other PIX. Shouldn't nat0 and the crypto ACL
> know to point it to the other PIX without the default route? The outside
> IPs are on the same network so they know how to reach each other. Thanks
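
An added example, not part of the original thread and not Cisco code: a simplified Python model of the forwarding order the reply describes, in which pixA must find a route to the destination before the crypto map on the outside interface is consulted. The inside networks 10.1.1.0/24 and 10.2.2.0/24 and all function names are assumptions; the model goes one step beyond the thread by also showing that a specific route to the remote inside network serves as well as a default route.

```python
import ipaddress as ip

# Constructed lab values: only the 1.1.1.x outside addresses come from the thread.
LOCAL_INSIDE = ip.ip_network("10.1.1.0/24")    # assumed inside net behind pixA
REMOTE_INSIDE = ip.ip_network("10.2.2.0/24")   # assumed inside net behind pixB
PEER = ip.ip_address("1.1.1.2")                # pixB outside address (from the thread)

# Connected networks pixA always knows: (prefix, interface, next hop or None).
CONNECTED = [
    (ip.ip_network("1.1.1.0/24"), "outside", None),
    (LOCAL_INSIDE, "inside", None),
]
CRYPTO_ACL = [(LOCAL_INSIDE, REMOTE_INSIDE)]   # the mirror image lives on pixB
CRYPTO_MAP_INTERFACE = "outside"


def lookup(routes, dst):
    """Longest-prefix match; returns (prefix, interface, next_hop) or None."""
    hits = [r for r in routes if dst in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def forward(static_routes, src, dst):
    """Simplified model of pixA handling one packet arriving from the inside."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    route = lookup(CONNECTED + static_routes, dst)
    if route is None:
        # No egress interface can be chosen, so the crypto map is never consulted.
        return "drop: no route to " + str(dst)
    _, interface, _ = route
    if interface == CRYPTO_MAP_INTERFACE and any(
        src in s and dst in d for s, d in CRYPTO_ACL
    ):
        return "encrypt: ESP to peer " + str(PEER)
    return "forward in clear via " + interface


NO_ROUTE = []
DEFAULT_ROUTE = [(ip.ip_network("0.0.0.0/0"), "outside", PEER)]
SPECIFIC_ROUTE = [(REMOTE_INSIDE, "outside", PEER)]

if __name__ == "__main__":
    for name, table in [("none", NO_ROUTE), ("default", DEFAULT_ROUTE),
                        ("specific", SPECIFIC_ROUTE)]:
        print(name, "->", forward(table, "10.1.1.10", "10.2.2.10"))
```

The peer address is reachable in every case because 1.1.1.0/24 is connected; what the empty route table lacks is a path to the remote inside network, which is the destination the packet actually carries.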


