I currently have a Cisco Pix 506e set up at our main office. I also have a PIX 506e at a remote office. I've successfully configured a Site-to-Site VPN tunnel between these two locations. I've purchased an additional Pix 501 for another remote office and wish to do the same (site to site from remote2 to main). I've configured everything properly (from what I can see) and from comparing to the other configuration it should work, but it's not. Is there a restriction on the main office 506 to only allow 1 set of site-to-site VPN? I have 50 connectivity licenses for the 506 so licensing shouldn't be an issue as far as I know? Any input would be appreciated, thank you.
The 506e has a max limit of 20 IPsec tunnels so you should be ok for licensing. One problem I came across with multiple tunnels is that you can't have more than one crypto map. Instead, you have to give each additional tunnel a new priority. For example:
no crypto map outside_map1 10 match address outside1
no crypto map outside_map1 10 set peer 10.10.0.3
no crypto map outside_map1 10 set transform-set ESP-3DES-SHA

no crypto map outside_map2 10 match address outside2
no crypto map outside_map2 10 set peer 10.20.0.3
no crypto map outside_map2 10 set transform-set ESP-3DES-SHA

crypto map outside_map 10 match address outside_cryptomap_10
crypto map outside_map 10 set peer 10.10.0.3
crypto map outside_map 10 set transform-set ESP-3DES-SHA

crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 10.20.0.3
crypto map outside_map 20 set transform-set ESP-3DES-SHA

access-list outside_cryptomap_10 extended permit ip 10.1.0.0 255.255.0.0
Please post the IPsec portion of your 501's config. Also, what version of firmware are you using on the two devices? I see vpdn commands so it's definitely < 7.
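
The one-map, one-priority-per-tunnel layout from the reply above can be checked mechanically before a config is loaded. The following Python check is an added example, not part of the original thread: `audit_crypto_maps` is a hypothetical helper, and the sample config (including its subnets) is constructed around the peer addresses and map names quoted above.

```python
import re
from collections import defaultdict

# Constructed sample (subnets and ACL bodies are made up): two map names, the
# mistake the answer describes, plus an incomplete second entry.
SAMPLE_CONFIG = """\
access-list outside_cryptomap_10 permit ip 10.1.0.0 255.255.0.0 10.10.0.0 255.255.0.0
crypto map outside_map 10 match address outside_cryptomap_10
crypto map outside_map 10 set peer 10.10.0.3
crypto map outside_map 10 set transform-set ESP-3DES-SHA
crypto map outside_map2 10 match address outside_cryptomap_20
crypto map outside_map2 10 set peer 10.20.0.3
crypto map outside_map interface outside
"""

ENTRY_RE = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer|set transform-set) (\S+)")
BIND_RE = re.compile(r"^crypto map (\S+) interface (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) ")
REQUIRED = ("match address", "set peer", "set transform-set")

def audit_crypto_maps(config):
    """Return a list of findings for the crypto map entries in a PIX config."""
    entries = defaultdict(dict)   # (map name, priority) -> {command: value}
    bound, acls = set(), set()    # map names applied to an interface; ACL names
    for line in config.splitlines():
        line = line.strip()       # "no crypto map ..." lines match nothing below
        if m := ENTRY_RE.match(line):
            entries[(m[1], int(m[2]))][m[3]] = m[4]
        elif m := BIND_RE.match(line):
            bound.add(m[1])
        elif m := ACL_RE.match(line):
            acls.add(m[1])
    findings = []
    names = sorted({name for name, _ in entries})
    if len(names) > 1:
        findings.append(f"multiple crypto map names {names}: keep one name, "
                        "give each tunnel its own priority")
    for (name, prio), cmds in sorted(entries.items()):
        where = f"{name} {prio}"
        findings += [f"{where}: missing '{r}'" for r in REQUIRED if r not in cmds]
        acl = cmds.get("match address")
        if acl and acl not in acls:
            findings.append(f"{where}: access-list {acl} is not defined")
        if name not in bound:
            findings.append(f"{where}: map is not applied to an interface")
    return findings

if __name__ == "__main__":
    for finding in audit_crypto_maps(SAMPLE_CONFIG):
        print(finding)
```
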