Pix firewall having two site to site connection
on 24.04.2007 16:19:31 by muhammed.imran
Hello,
I am trying to configure a VPN connection between two sites with one PIX
and two routers. Is it possible that my PIX firewall will have two
different site-to-site VPN connections with two routers on different
sites? The firewall has a dynamic IP address and both routers have static IP
addresses. Could anybody help me?
pix > router1
v
router 2
Best Regards,
Muhammed Imran
Re: Pix firewall having two site to site connection
on 25.04.2007 04:11:52 by roberson
In article <1177424371.176574.85060@s33g2000prh.googlegroups.com>,
muhammed.imran@gmail.com wrote:
>I am trying to configure VPN connection between two sites with one pix
>and two routers. Is it possible that my pix firewall will have two
>different site to site vpn connections with two routers on different
>sites? firewall has dynamic IP address and both routers have static ip
>addresses.
Yes. Use the same 'crypto map' name for both, but put the two
entries into different crypto map policy numbers. If you
are using shared keys, make sure you have a key for each of them.
For example,

    crypto map vpn-map 1000 ipsec-isakmp
    crypto map vpn-map 1000 match address vpn2cal-acl
    crypto map vpn-map 1000 set peer CalpixIP
    crypto map vpn-map 1000 set transform-set vca-ea256s

    crypto map vpn-map 1001 ipsec-isakmp
    crypto map vpn-map 1001 match address vpn2sf-acl
    crypto map vpn-map 1001 set peer SFpixIP
    crypto map vpn-map 1001 set transform-set vc-ea256s

Also note that you need different ACL names for the two sites,
but your ACL for your nat (inside) 0 access-list will have to
have entries for both destinations.
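
The three points in the reply above (one crypto map entry per peer, a shared key per peer, and a nat 0 ACL that lists every tunnelled destination) can be checked mechanically before a config is pasted in. The following is an added example, not part of the original thread: the subnets, key placeholders and the `nonat-acl` name are assumptions, and the crypto map lines are copied from the post.

```python
import re
from collections import defaultdict
# Constructed sample in PIX 6.x-style syntax; subnets, keys and nonat-acl are assumed.
# The nat 0 entry for the SF subnet is left out on purpose so the audit reports it.
SAMPLE = """\
access-list vpn2cal-acl permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list vpn2sf-acl permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list nonat-acl permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list nonat-acl
isakmp key PLACEHOLDER-KEY-1 address CalpixIP netmask 255.255.255.255
isakmp key PLACEHOLDER-KEY-2 address SFpixIP netmask 255.255.255.255
crypto map vpn-map 1000 ipsec-isakmp
crypto map vpn-map 1000 match address vpn2cal-acl
crypto map vpn-map 1000 set peer CalpixIP
crypto map vpn-map 1000 set transform-set vca-ea256s
crypto map vpn-map 1001 ipsec-isakmp
crypto map vpn-map 1001 match address vpn2sf-acl
crypto map vpn-map 1001 set peer SFpixIP
crypto map vpn-map 1001 set transform-set vc-ea256s
"""
ACL_RE = re.compile(r"access-list (\S+) permit ip (\S+ \S+ \S+ \S+)$")
NONAT_RE = re.compile(r"nat \(inside\) 0 access-list (\S+)$")
KEY_RE = re.compile(r"isakmp key \S+ address (\S+)")
CMAP_RE = re.compile(r"crypto map \S+ (\d+) (ipsec-isakmp|match address|set peer|set transform-set)\s*(\S*)$")

def audit(config):
    # Returns a list of findings; flows are compared as exact text (a simplification).
    acls, entries, keyed, nonat = defaultdict(set), defaultdict(dict), set(), None
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            acls[m[1]].add(m[2])            # ACL name -> "src mask dst mask" flows
        elif m := NONAT_RE.match(line):
            nonat = m[1]                    # ACL used for NAT exemption
        elif m := KEY_RE.match(line):
            keyed.add(m[1])                 # peers that have a pre-shared key
        elif m := CMAP_RE.match(line):
            entries[m[1]][m[2]] = m[3]      # settings per policy number
    findings = []
    for seq, e in sorted(entries.items()):
        for field in ("match address", "set peer", "set transform-set"):
            if not e.get(field):
                findings.append(f"entry {seq}: missing '{field}'")
        peer, acl = e.get("set peer"), e.get("match address")
        if peer and peer not in keyed:
            findings.append(f"entry {seq}: no isakmp key for peer {peer}")
        for flow in sorted(acls.get(acl, ())):
            if flow not in acls.get(nonat, ()):
                findings.append(f"entry {seq}: {flow} not in nat 0 ACL {nonat}")
    return findings
```

Run against `SAMPLE`, `audit` reports the SF flow that is missing from the nat 0 ACL; a wider nat 0 entry that covers the flow would need subnet comparison rather than the exact-text match used here.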