ipsec vpn site-to-site setting up for the first time

zaqtivi · ‎07-05-2007

i'm setting up ipsec vpn (site-to-site) between a pix 525 and a 3660 for the first time. i'm setting this up in a lab

environment. i have set up static ips only for simplicity. from the pix 525, i can ping up to 3660's 172.17.63.230 but not the LAN IP of 10.2.2.1. what do i need to do ? any help is much appreciated. thank you.

topology:

pix 525 -- r1 -- r2 -- 3660

topology with the IPs:

<10.1.1.1> pix 525 <172.17.63.213> -- <172.17.63.209> r1 <12.1.1.1> -- <12.1.1.2> r2 <172.17.63.225> -- <172.17.63.230> 3660 <10.2.2.1>

Jon Marshall · ‎07-05-2007

Hi

Could you post the config for r2.

Also on a more general note. Setting up IPSEC VPN's to get experience with them is a lot easier if you have hosts on either LAN rather than trying to ping between the 2 IPSEC peer gateways.

Jon

krishnakomiti · ‎07-06-2007

Hi,

I think in Pix525 we have to add another command also. Please try this command "sysopt connection permit-ipsec" in config mode.

Cheers,

Krishna.