FWSM 3.1(1) and Site-to-site VPN

Is this feature enabled in FWSM? I've been trying to get this working for some days now and get no results at all. I'm not even getting any results from the debug crypto commands.

Regards, Fredrik Hofgren

Reply to
Hoffa

Hi Fredrik,

The FWSM can connect to another VPN concentrator, such as a Cisco PIX firewall or a Cisco IOS router, using a site-to-site tunnel.

You specify the peer networks that can communicate over the tunnel.

In the case of the FWSM, the only address available on the FWSM end of the tunnel is the interface itself.

Allowing a VPN Management Connection

Hope this helps.

Brad Reese BradReese.Com - Cisco Salary and Compensation Rates

Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA & Canada: 877-549-2680 International: 828-277-7272 Fax: 775-254-3558 AIM: R2MGrant BradReese.Com - Cisco Job Databases

Reply to
www.BradReese.Com

Brad indicated in his reply that a "management VPN" could be set up. I don't know if that is the case; if it is, then it would only be useful for connecting to the FWSM to manage it (e.g., talk to the CLI, or ping the management interface). "Management" VPNs use the other kind of IPSec connection -- a kind in which the specifications say firmly that the VPN must only be used between endpoints and never ever used to pass packets -beyond- the security gateway.

For the regular kind of IPSec tunnel, that allows LAN to LAN connections, the answer is NO. The FWSM was deliberately restricted to security, and you need the VPNSM (VPN Services Module) for VPN services.

Reply to
Walter Roberson
