Hi,
We have two remote sites that, due to their location and cost constraints, we cannot include in our MPLS model. Both of these sites are in the same country, and each site has a Cisco PIX515E. Our head office has a PIX525.
At each site I've set up an IPsec tunnel back to our head office; these VPNs come up fine and traffic passes.
The problem I have is getting a VPN set up between the two remote sites (that is, PIX515E to PIX515E). I've put what I believe to be the necessary configuration into both firewalls, but the tunnel refuses to come up.
Are there any special considerations that I should observe to get this to work on the 515s? Both firewalls have unrestricted VPN peer licenses, each of the remote networks is using a distinct class C network (Site1 is 10.10.254.0/24 and Site2 is 10.10.253.0/24), and access-lists/pre-shared keys and the like are all exact at both ends.
In the past I've seen similar behaviour, where a tunnel won't come up if you try to VPN networks that exist within a route inside statement, but this isn't the case here.
I'd appreciate any pointers here.
Thanks,
Martin