05-31-2007 08:52 AM - edited 03-11-2019 03:23 AM
I have a PIX 515E with a 4 port FE card and an ASA 5520 with 4 GE interfaces and I need to know if I can enable isakmp on two interfaces on the same firewall. I have included a drawing for a little better understand of what I am trying to do.
05-31-2007 11:07 AM
I know you can with 7.x code and believe you can with 6.x.
Create a different crypto map for each interface. Then you'll need routes for networks on either side. If your outside int is the default route then your fine for the networks on the l2l. You'll need static or routes from a routing protocol so the traffic knows how to reach the l2l network connected to int JRP. If you don't it will use the default route and won't work.
Other then that it's the same setup for a L2L tunnel.
Let me know if you have any questions.
Thanks,
Chad
Please rate if this helps!
05-31-2007 11:28 AM
You answered my question thank you very much. I am running 7.2 code on my PIX 515E's and I didn't have one to test and verify if I could or not. Once I get my VPN tunnels up between the firewall I will be running GRE tunnels from the core 6509's and any way so I will only need to route the traffic for the tunnel source and destination address so I should work. Thanks again for the info.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide