Is this feature enabled in FWSM? I've been trying to get this working for some day now and get no results at all. I'm not even getting any results from the debug crypto commands
Regards Fredrik Hofgren
Is this feature enabled in FWSM? I've been trying to get this working for some day now and get no results at all. I'm not even getting any results from the debug crypto commands
Regards Fredrik Hofgren
Hi Fredrik,
The FWSM can connect to another VPN concentrator, such as a Cisco PIX firewall or a Cisco IOS router, using a site-to-site tunnel.
You specify the peer networks that can communicate over the tunnel.
In the case of the FWSM, the only address available on the FWSM end of the tunnel is the interface itself.
Allowing a VPN Management Connection
Brad Reese BradReese.Com - Cisco Salary and Compensation Rates
Brad indicated in his reply that a "management VPN" could be set up. I don't know if that is the case; if it is, then it would only be useful for connecting to the FWSM to manage it (e.g., talk to the CLI, or ping the management interface). "management" VPNs use the other kind of IPSec connection -- a kind in which the specifications say firmly that the VPN must only be used between endpoints and never ever used to pass packets -beyond- the security gateway.
For the regular kind of IPSec tunnel, that allows LAN to LAN connections, the answer is NO. The FWSM was deliberately restricted to security, and you need the VPNSM (VPN Services Module) for VPN services.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.