04-04-2007 07:24 AM - edited 02-21-2020 02:57 PM
We have a PIX 515 with 5 interfaces in it, I have 2 different ISPs connect to 2 different interfaces on the PIX. I want to create 2 different ipsec tunnels from our office on Toronto. Toronto have 2 different ISPs int there router. How can I create 2 different ipsec tunnels on to different interfaces on a PIX 515?
04-06-2007 11:37 AM
Hi
I haven't done this exact configuration but as the crypto map is applied to the interface then i can't see why you cannot create 2 separate crypto maps and apply to the different interfaces.
HTH
Jon
04-09-2007 11:03 AM
Can I create 2 VPN tunnels coming from the same network on 2 different ISPs?
04-09-2007 02:21 PM
hi,
yes u can . as far as the other end is trying to connect to two different ip's on the pix. which r assigned from ISP's.
regards
04-09-2007 11:14 PM
Hi
Well as previous poster said yes you can create 2 VPN tunnels as the peer endpoints will be different. But if the remote and local subnets are the same how will the Toronto office know which VPN tunnel to use. It will probably use the first oen configured in your crypto map and the second one will be left unused.
If your remote and local networks are different for each VPN tunnel there wouldn't be an issue.
Are you trying to achieve redundancy or load balancing. If you are trying to achieve redundancy you could just set both ISP addresses on the pix under your router config
set peer "ISP1 address of pix"
set peer "ISP2 address of pix"
HTH
Jon
04-10-2007 07:00 AM
Hi,
I have it configured like this - is this wrong for redundancy?
crypto map BACKUP_VPN_TUNNEL 20 ipsec-isakmp
set peer "ISP2 address of pix"
set transform-set MONTREAL_BACKUP
match address MONTREAL_BACKUP_TUNNEL
!
crypto map PRIMARY_VPN_TUNNEL 10 ipsec-isakmp
set peer "ISP1 address of pix"
set transform-set MONTREAL_PRIMARY
match address MONTREAL_PRIMARY_TUNNEL
Pete
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: