Pix to Pix VPN setup help


I am setting up a VPN between two offices. Each office has a T1, 1700 series router, and a PIX firewall (I believe they are 515 series). Each of the firewalls has a public IP on the outside interface and a NAT IP on the inside interface. Once I set up the VPN, how do I make the PIX "route" the internal traffic (how does PIX A know what the private address is of PIX B)?

Jon Marshall Mon, 07/23/2007 - 17:37

Office 1 using Pix A has clients on the inside using

Office 2 uses

When you set up the VPN you define crypto map access-lists, e.g. for office 1

access-list permit ip

This access-list defines the interesting traffic, i.e. it tells the pix which traffic it needs to encrypt.

So if Pix A receives traffic destined for 172.16.5.x it knows that it needs to send that traffic down the VPN tunnel to Pix B.

So you don't need routes on the pix firewalls pointing to each other for the local and remote networks.

Hope this makes sense
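
As an added illustration of the crypto map access-list described in the answer above (not part of the original post and not the poster's configuration), here is a site-to-site fragment in PIX OS 6.3 syntax. The Office 1 subnet 192.168.1.0/24, the /24 mask on 172.16.5.x, the peer addresses 192.0.2.1 and 198.51.100.1, the access-list, transform-set and crypto map names, and the key placeholder are all assumptions.

```cisco
!--- PIX A (Office 1), outside 192.0.2.1 (assumed), inside 192.168.1.0/24 (assumed)

!--- Crypto ACL: the "interesting traffic". Anything from the local LAN
!--- to the remote LAN (172.16.5.0/24) is encrypted and sent to the peer.
access-list VPN-TO-B permit ip 192.168.1.0 255.255.255.0 172.16.5.0 255.255.255.0

!--- Separate ACL with the same match, used to exempt tunnel traffic from NAT
!--- so the remote side sees the real inside addresses.
access-list NONAT permit ip 192.168.1.0 255.255.255.0 172.16.5.0 255.255.255.0
nat (inside) 0 access-list NONAT

!--- Let decrypted tunnel traffic bypass the outside interface ACL.
sysopt connection permit-ipsec

!--- Phase 2: how the matched traffic is protected.
crypto ipsec transform-set OFFICE-TS esp-aes-256 esp-sha-hmac

!--- The crypto map ties the ACL to the peer: traffic matching VPN-TO-B
!--- goes down the tunnel to PIX B; everything else is handled normally.
crypto map OFFICE-VPN 10 ipsec-isakmp
crypto map OFFICE-VPN 10 match address VPN-TO-B
crypto map OFFICE-VPN 10 set peer 198.51.100.1
crypto map OFFICE-VPN 10 set transform-set OFFICE-TS
crypto map OFFICE-VPN interface outside

!--- Phase 1: peer authentication. Replace the placeholder with a long random key.
isakmp enable outside
isakmp key <PRE-SHARED-KEY> address 198.51.100.1 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 5
isakmp policy 10 lifetime 86400

!--- PIX B (Office 2), outside 198.51.100.1 (assumed), inside 172.16.5.0/24
!--- Same structure with source and destination swapped and the peer set to PIX A.
!--- The two crypto ACLs must be mirror images or the tunnel will not pass traffic.
access-list VPN-TO-A permit ip 172.16.5.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list NONAT permit ip 172.16.5.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list NONAT
crypto map OFFICE-VPN 10 match address VPN-TO-A
crypto map OFFICE-VPN 10 set peer 192.0.2.1
isakmp key <PRE-SHARED-KEY> address 192.0.2.1 netmask 255.255.255.255
```

Once traffic is flowing, `show crypto isakmp sa` and `show crypto ipsec sa` on either PIX confirm that the tunnel is up and that the encrypt/decrypt counters rise only for traffic matching the crypto ACL.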


