PIX firewall having two site-to-site connections


I am trying to configure a VPN connection between two sites with one PIX and two routers. Is it possible for my PIX firewall to have two different site-to-site VPN connections with two routers at different sites? The firewall has a dynamic IP address and both routers have static IP addresses. Could anybody help me?

pix > router1 v router 2

Best Regards, Muhammed Imran


Yes. Use the same 'crypto map' name for both, but put the two entries into different crypto map policy numbers. If you are using shared keys, make sure you have a key for each of them.

For example,

crypto map vpn-map 1000 ipsec-isakmp
crypto map vpn-map 1000 match address vpn2cal-acl
crypto map vpn-map 1000 set peer CalpixIP
crypto map vpn-map 1000 set transform-set vca-ea256s
crypto map vpn-map 1001 ipsec-isakmp
crypto map vpn-map 1001 match address vpn2sf-acl
crypto map vpn-map 1001 set peer SFpixIP
crypto map vpn-map 1001 set transform-set vc-ea256s

Also note that you need different ACL names for the two sites, but your acl for your nat (inside) 0 access-list will have to have entries for both destinations.

Walter Roberson
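
The three points in the reply above (a pre-shared key for each peer, a separate ACL per crypto map entry, and nat 0 ACL entries for both destinations) can be checked mechanically before a configuration is loaded. The following is an added example, not part of the original thread: the `lint` function, the `nonat-acl` name, the addresses (documentation ranges) and the key placeholders are all assumptions, and the nat 0 check is simplified to require each crypto ACL rule to appear verbatim in the nat 0 ACL.

```python
import re
from collections import defaultdict

# Constructed sample in PIX 6.x style. Addresses, key placeholder and the
# nonat-acl name are assumptions; the second tunnel is left incomplete on purpose.
SAMPLE = """\
access-list vpn2cal-acl permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list vpn2sf-acl permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list nonat-acl permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list nonat-acl
isakmp key KEY-PLACEHOLDER-1 address 192.0.2.10 netmask 255.255.255.255
crypto map vpn-map 1000 ipsec-isakmp
crypto map vpn-map 1000 match address vpn2cal-acl
crypto map vpn-map 1000 set peer 192.0.2.10
crypto map vpn-map 1000 set transform-set vca-ea256s
crypto map vpn-map 1001 ipsec-isakmp
crypto map vpn-map 1001 match address vpn2sf-acl
crypto map vpn-map 1001 set peer 198.51.100.20
crypto map vpn-map 1001 set transform-set vc-ea256s
"""

def lint(config):
    """Return a list of problems with the multi-peer crypto map setup."""
    acls = defaultdict(set)      # ACL name -> set of "permit ip ..." rules
    entries = defaultdict(dict)  # (map name, seq) -> {"acl": ..., "peer": ...}
    keyed_peers, nonat = set(), None
    for line in config.splitlines():
        if m := re.match(r"access-list (\S+) (permit ip .+)", line):
            acls[m[1]].add(m[2].strip())
        elif m := re.match(r"nat \(inside\) 0 access-list (\S+)", line):
            nonat = m[1]
        elif m := re.match(r"isakmp key \S+ address (\S+)", line):
            keyed_peers.add(m[1])
        elif m := re.match(r"crypto map (\S+) (\d+) match address (\S+)", line):
            entries[(m[1], m[2])]["acl"] = m[3]
        elif m := re.match(r"crypto map (\S+) (\d+) set peer (\S+)", line):
            entries[(m[1], m[2])]["peer"] = m[3]
    problems, seen = [], {}
    for (name, seq), e in sorted(entries.items()):
        acl, peer = e.get("acl"), e.get("peer")
        if peer not in keyed_peers:
            problems.append(f"{name} {seq}: no isakmp key for peer {peer}")
        if acl in seen:
            problems.append(f"{name} {seq}: ACL {acl} shared with entry {seen[acl]}")
        seen.setdefault(acl, seq)
        for rule in sorted(acls.get(acl, set()) - acls.get(nonat, set())):
            problems.append(f"{name} {seq}: {nonat} lacks '{rule}'")
    return problems
```

On the constructed sample, `lint(SAMPLE)` reports the missing key for the second peer and the missing nat 0 entry for the second destination; adding both lines clears the report.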

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.