At a loss

Hello,

I have an existing static PIX-to-PIX VPN between the UK and France and now need to add a dynamic VPN between the UK and Spain. The static VPN works great but I cannot get a dynamic VPN up and running. The problem I've got is that Spain's ISP router is the DHCP server for the PIX, so Spain's PIX has not got a public IP address. I've included the configs (the important bits anyway) for somebody to cast their beady eye over. Any help would be greatly appreciated.

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
UK PIX:

PIX Version 6.3(3)

access-list NO-NAT permit ip 10.1.1.0 255.255.255.0 10.1.3.0 255.255.255.0
access-list NO-NAT permit ip 10.1.1.0 255.255.255.0 10.1.4.0 255.255.255.0
access-list SPAIN permit ip 10.1.1.0 255.255.255.0 10.1.4.0 255.255.255.0
access-list FRANCE permit ip 10.1.1.0 255.255.255.0 10.1.3.0 255.255.255.0

ip address outside xx.xx.xx.xx xx.xx.xx.xx
ip address inside 10.1.1.16 255.255.255.0

global (outside) 1 interface

nat (inside) 0 access-list NO-NAT
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 UK_ISP_ROUTER 1

floodguard enable

sysopt connection permit-ipsec
crypto ipsec transform-set aptset esp-3des esp-md5-hmac
crypto dynamic-map mydyn 20 set transform-set aptset
crypto map aptmap 10 ipsec-isakmp
crypto map aptmap 10 match address FRANCE
crypto map aptmap 10 set peer 84.96.22.140
crypto map aptmap 10 set transform-set aptset
crypto map aptmap 20 ipsec-isakmp dynamic mydyn
crypto map aptmap interface outside

isakmp enable outside
isakmp key ******** address xx.xx.xx.xx netmask 255.255.255.255 no-xauth
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 no-xauth
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
SPAIN PIX:

PIX Version 6.3(3)

access-list UK permit ip 10.1.4.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list NO-NAT permit ip 10.1.4.0 255.255.255.0 10.1.1.0 255.255.255.0

ip address outside dhcp

morgan.ian
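Added example, not part of the original post: the crypto and NAT-exemption ACLs on the two ends of a site-to-site tunnel are expected to mirror each other, so this sketch compares the ACL lines posted above and lists ACLs that no `crypto map ... match address` or `nat 0` line references. The function names are hypothetical, the config excerpts are copied from the post, and the parser only handles the simple `permit ip net mask net mask` form used there.

```python
import re

# Excerpts copied from the two configs in the post (private ranges only).
UK_CONFIG = """\
access-list NO-NAT permit ip 10.1.1.0 255.255.255.0 10.1.3.0 255.255.255.0
access-list NO-NAT permit ip 10.1.1.0 255.255.255.0 10.1.4.0 255.255.255.0
access-list SPAIN permit ip 10.1.1.0 255.255.255.0 10.1.4.0 255.255.255.0
access-list FRANCE permit ip 10.1.1.0 255.255.255.0 10.1.3.0 255.255.255.0
nat (inside) 0 access-list NO-NAT
crypto map aptmap 10 match address FRANCE
"""
SPAIN_CONFIG = """\
access-list UK permit ip 10.1.4.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list NO-NAT permit ip 10.1.4.0 255.255.255.0 10.1.1.0 255.255.255.0
"""

ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$", re.M)
REF_RE = re.compile(
    r"^(?:crypto map \S+ \d+ match address|nat \(\S+\) 0 access-list) (\S+)$", re.M)

def parse_acls(config):
    """Return {acl_name: set of (src, src_mask, dst, dst_mask)}."""
    acls = {}
    for name, src, smask, dst, dmask in ACL_RE.findall(config):
        acls.setdefault(name, set()).add((src, smask, dst, dmask))
    return acls

def unreferenced_acls(config):
    """ACL names that no crypto map 'match address' or 'nat 0' line uses."""
    return sorted(set(parse_acls(config)) - set(REF_RE.findall(config)))

def unmirrored(local_entries, remote_entries):
    """Local entries with no src/dst-swapped counterpart on the remote side."""
    swapped = {(d, dm, s, sm) for s, sm, d, dm in remote_entries}
    return sorted(local_entries - swapped)

def check_pair(local_cfg, local_acl, remote_cfg, remote_acl):
    """Return (local entries missing a mirror, remote entries missing a mirror)."""
    a = parse_acls(local_cfg).get(local_acl, set())
    b = parse_acls(remote_cfg).get(remote_acl, set())
    return unmirrored(a, b), unmirrored(b, a)

if __name__ == "__main__":
    print("UK SPAIN vs Spain UK:", check_pair(UK_CONFIG, "SPAIN", SPAIN_CONFIG, "UK"))
    print("UK NO-NAT vs Spain NO-NAT:",
          check_pair(UK_CONFIG, "NO-NAT", SPAIN_CONFIG, "NO-NAT"))
    print("UK ACLs not referenced:", unreferenced_acls(UK_CONFIG))
```

The one unmirrored NO-NAT entry on the UK side is the France network, which the Spain PIX has no reason to carry; the SPAIN ACL shows up as unreferenced because the dynamic map entry in the posted UK config has no `match address` line.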