PIX 501 VPN servers and VPN site to site - possible?

Hello, I have 2 Cisco PIX firewalls. I have VPN servers on both PIXes. How can I make a site-to-site VPN? This is my config:

Office:

PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname fwl1
names
object-group service tcp_19 tcp
  description tcp ports for server on address 80.80.80.19
  port-object eq www
  port-object eq https
access-list outside_access_in permit icmp any any log
access-list outside_access_in permit tcp any host 80.80.80.19 object-group tcp_19
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
ip address outside 80.80.80.18 255.255.255.240
ip address inside 192.168.1.1 255.255.255.0
ip local pool ippool 192.168.2.14-192.168.2.20
global (outside) 10 interface
nat (inside) 0 access-list 101
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 80.80.80.19 192.168.1.28 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 80.80.80.17 1
http server enable
http 192.168.1.0 255.255.255.0 inside
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map inside_map interface inside
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp nat-traversal 10
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup VPN-O address-pool ippool
vpngroup VPN-O dns-server 192.168.1.2
vpngroup VPN-O wins-server 192.168.1.2
vpngroup VPN-O default-domain mydomain.com
vpngroup VPN-O split-tunnel 101
vpngroup VPN-O idle-time 1800
vpngroup VPN-O password ********************
vpdn enable outside
dhcpd address 192.168.1.30-192.168.1.120 inside
dhcpd dns
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain aaa.com
dhcpd auto_config outside
dhcpd enable inside

Remote office:

PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname fwl2
object-group service tcp_114 tcp
object-group service udp_114 udp
object-group service tcp_115 tcp
object-group service udp_115 udp
object-group service tcp_116 tcp
object-group service udp_116 udp
object-group service tcp_117 tcp
object-group service tcp_118 tcp
object-group service udp_118 udp
access-list outside_access_in permit icmp any any log
access-list outside_access_in permit tcp any host 90.90.90.114 object-group tcp_114
access-list outside_access_in permit udp any host 90.90.90.114 object-group udp_114
access-list outside_access_in permit tcp any host 90.90.90.115 object-group tcp_115
access-list outside_access_in permit udp any host 90.90.90.115 object-group udp_115
access-list outside_access_in permit tcp any host 90.90.90.116 object-group tcp_116
access-list outside_access_in permit udp any host 90.90.90.116 object-group udp_116
access-list outside_access_in permit tcp any host 90.90.90.117 object-group tcp_117
access-list outside_access_in permit tcp any host 90.90.90.118 object-group tcp_118
access-list 101 permit ip 90.90.90.112 255.255.255.248 192.168.2.0 255.255.255.0
ip address outside 90.90.66.239 255.255.254.0
ip address inside 90.90.90.113 255.255.255.248
global (outside) 100 interface
nat (inside) 0 access-list 101
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 90.90.90.114 90.90.90.114 netmask 255.255.255.255 0 0
static (inside,outside) 90.90.90.115 90.90.90.115 netmask 255.255.255.255 0 0
static (inside,outside) 90.90.90.116 90.90.90.116 netmask 255.255.255.255 0 0
static (inside,outside) 90.90.90.117 90.90.90.117 netmask 255.255.255.255 0 0
static (inside,outside) 90.90.90.118 90.90.90.118 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 90.90.66.1 1
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map inside_map interface inside
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp nat-traversal 10
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup VPN-D address-pool ippool
vpngroup VPN-D dns-server 90.90.90.115
vpngroup VPN-D wins-server 90.90.90.115
vpngroup VPN-D default-domain thoughtwebfinancial.com
vpngroup VPN-D split-tunnel 101
vpngroup VPN-D idle-time 1800
vpngroup VPN-D password *****************************
: end

Will it work? Can I have VPN servers and a site-to-site VPN at the same time?

Thank you,
Robert

Reply to
Robert

On the office PIX, add:

access-list 101 permit ip 192.168.1.0 255.255.255.0 90.90.90.113 255.255.255.248
access-list RemoteOfficeACL permit ip 192.168.1.0 255.255.255.0 90.90.90.113 255.255.255.248

add:

crypto map mymap 5 ipsec-isakmp
crypto map mymap 5 set transform-set myset
crypto map mymap 5 match address RemoteOfficeACL
crypto map mymap 5 set peer 90.90.66.239

add:

isakmp key SomeSharedPasswordGoesHere address 90.90.66.239 netmask 255.255.255.255 no-xauth no-config-mode

On the remote office PIX, add:

access-list 101 permit ip 90.90.90.112 255.255.255.248 192.168.1.0 255.255.255.0
access-list RemoteOfficeACL permit ip 90.90.90.112 255.255.255.248 192.168.1.0 255.255.255.0

add:

crypto map mymap 5 ipsec-isakmp
crypto map mymap 5 set transform-set myset
crypto map mymap 5 match address RemoteOfficeACL
crypto map mymap 5 set peer 80.80.80.18

add:

isakmp key SomeSharedPasswordGoesHere address 80.80.80.18 netmask 255.255.255.255 no-xauth no-config-mode

Yes.

Yes.

What you will -not- be able to do with that setup and that software revision is have VPN clients that connect to one of the offices and make use of the VPN link to the other office: each VPN client will be restricted to the LAN of the PIX it connects to. Allowing the link to be shared gets complicated and usually requires additional hardware in PIX 6.x.

Reply to
Walter Roberson

Thank you, I will do this Saturday. As always, Walter, you are a star.

Robert

Reply to
Robert

should be: access-list 101 permit ip 192.168.1.0 255.255.255.0 90.90.90.112 255.255.255.248

should be: access-list RemoteOfficeACL permit ip 192.168.1.0 255.255.255.0 90.90.90.112 255.255.255.248

It did not work the 1st time, I will check again :( but I am smarter than before.

Thank you, I will try again and I will tell you about errors.

Reply to
Robert
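The two things this thread turns on, the 90.90.90.113 slip in the first set of add lines (the /29 that 255.255.255.248 describes starts at 90.90.90.112, which is what the correction above changes it to) and the need to put the same source/destination pair in both the crypto ACL and the nat 0 ACL on each side, can be checked mechanically before typing anything into the PIX. The following is an added Python example, not part of the thread and not a Cisco tool; the ACL lines it reads are constructed from the values posted above, and the function names (parse_acl, mirror_problems, nat_exempt_problems, check_site_to_site) are my own.

```python
"""Sanity checks for a pair of PIX 6.x site-to-site crypto ACLs.

Added example (not from the thread). It parses lines of the form
    access-list NAME permit ip SRC SRC-MASK DST DST-MASK
from each PIX and checks three things:
  1. every address is a real network address for its mask,
  2. the remote crypto ACL mirrors the local one (src/dst swapped), so the
     IPsec phase 2 proxy identities agree,
  3. every crypto ACL pair is also in the nat 0 ACL, so the traffic is not
     NATed to the outside address before the crypto map sees it.
"""
import ipaddress
import re

# PIX ACLs use real subnet masks (255.255.255.248), not wildcard masks.
ACL_LINE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$"
)


def parse_acl(config, acl_name):
    """Return ([(src_net, dst_net), ...], [problem, ...]) for ACL acl_name.

    An address with host bits set under its mask (90.90.90.113 with
    255.255.255.248) is reported as a problem and normalised to its
    network address so the later checks can still run.
    """
    entries, problems = [], []
    for lineno, line in enumerate(config.splitlines(), 1):
        m = ACL_LINE.match(line.strip())
        if not m or m.group(1) != acl_name:
            continue
        nets = []
        for addr, mask in ((m.group(2), m.group(3)), (m.group(4), m.group(5))):
            try:
                nets.append(ipaddress.ip_network(f"{addr}/{mask}"))  # strict
            except ValueError:
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
                problems.append(
                    f"{acl_name} line {lineno}: {addr} {mask} is not a network "
                    f"address; did you mean {net.network_address}?"
                )
                nets.append(net)
        entries.append((nets[0], nets[1]))
    return entries, problems


def mirror_problems(local, remote, local_name="local", remote_name="remote"):
    """Each (src, dst) on one side must appear as (dst, src) on the other."""
    problems = []
    for src, dst in local:
        if (dst, src) not in remote:
            problems.append(f"{local_name} {src} -> {dst} has no mirror on {remote_name}")
    for src, dst in remote:
        if (dst, src) not in local:
            problems.append(f"{remote_name} {src} -> {dst} has no mirror on {local_name}")
    return problems


def nat_exempt_problems(crypto_entries, nat0_entries, side):
    """Every crypto ACL pair must also be exempted from NAT via the nat 0 ACL."""
    return [f"{side}: nat 0 ACL lacks {s} -> {d}"
            for s, d in crypto_entries if (s, d) not in nat0_entries]


def check_site_to_site(office_cfg, remote_cfg,
                       crypto_acl="RemoteOfficeACL", nat0_acl="101"):
    """Run all checks on a pair of configs; an empty list means nothing found."""
    office_crypto, problems = parse_acl(office_cfg, crypto_acl)
    remote_crypto, more = parse_acl(remote_cfg, crypto_acl)
    problems += more
    office_nat0, more = parse_acl(office_cfg, nat0_acl)
    problems += more
    remote_nat0, more = parse_acl(remote_cfg, nat0_acl)
    problems += more
    problems += mirror_problems(office_crypto, remote_crypto, "office", "remote")
    problems += nat_exempt_problems(office_crypto, office_nat0, "office")
    problems += nat_exempt_problems(remote_crypto, remote_nat0, "remote")
    return problems


# Constructed samples: the office side as in the first attempt (with the
# 90.90.90.113 slip), the corrected office side, and the remote side.
OFFICE_FIRST_TRY = """\
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 101 permit ip 192.168.1.0 255.255.255.0 90.90.90.113 255.255.255.248
access-list RemoteOfficeACL permit ip 192.168.1.0 255.255.255.0 90.90.90.113 255.255.255.248
"""
OFFICE_FIXED = OFFICE_FIRST_TRY.replace("90.90.90.113", "90.90.90.112")
REMOTE = """\
access-list 101 permit ip 90.90.90.112 255.255.255.248 192.168.2.0 255.255.255.0
access-list 101 permit ip 90.90.90.112 255.255.255.248 192.168.1.0 255.255.255.0
access-list RemoteOfficeACL permit ip 90.90.90.112 255.255.255.248 192.168.1.0 255.255.255.0
"""

if __name__ == "__main__":
    for label, cfg in (("first try", OFFICE_FIRST_TRY), ("fixed", OFFICE_FIXED)):
        found = check_site_to_site(cfg, REMOTE)
        print(f"{label}: {len(found)} problem(s)")
        for p in found:
            print("  " + p)
```

Run it as a script and the first-try config reports the two .113 lines with the .112 network address suggested, while the corrected config reports nothing. Removing one of the 101 lines from either side shows the nat 0 check firing, which is the other place this kind of tunnel is usually mis-typed.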
