Pix to Pix VPN setup help

I am setting up a VPN between two offices. Each office has a T1, 1700 series router, and a PIX firewall (I believe they are 515 series). Each of the firewalls has a public IP on the outside interface and a NAT IP on the inside interface. Once I set up the VPN how do I make the PIX "route" the internal traffic (how does PIX A know what the private address is of PIX B)?

Jon Marshall Mon, 07/23/2007 - 17:37

Hi

Office 1 using Pix A has clients on the inside using 192.168.5.0/24

Office 2 uses 172.16.5.0/24

When you set up the VPN you define crypto map access-lists, e.g. for office 1

access-list permit ip 192.168.5.0 255.255.255.0 172.16.5.0 255.255.255.0

This access-list defines the interesting traffic, i.e. it tells the pix which traffic it needs to encrypt.

So if Pix A receives traffic destined for 172.16.5.x it knows that it needs to send that traffic down the VPN tunnel to Pix B.

So you don't need routes on the pix firewalls pointing to each other for the local and remote networks.

Hope this makes sense

Jon
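
The selection logic described in the reply above, as an added example that is not part of the original post or any Cisco tooling: it parses crypto ACL lines, decides whether a packet counts as interesting traffic, and checks that the two peers' entries are reversed copies of each other. The ACL name `vpn`, the Office 2 line and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample lines. The ACL name "vpn" is an assumption (the post omits
# the name), and the Office 2 line is the Office 1 line with the networks swapped.
PIX_A = "access-list vpn permit ip 192.168.5.0 255.255.255.0 172.16.5.0 255.255.255.0"
PIX_B = "access-list vpn permit ip 172.16.5.0 255.255.255.0 192.168.5.0 255.255.255.0"


def parse_crypto_acl(config, name):
    """Return [(src_net, dst_net)] for each 'permit ip' entry of the named ACL."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 8 and tok[:4] == ["access-list", name, "permit", "ip"]:
            src = ipaddress.ip_network(f"{tok[4]}/{tok[5]}")
            dst = ipaddress.ip_network(f"{tok[6]}/{tok[7]}")
            entries.append((src, dst))
    return entries


def is_interesting(entries, src_ip, dst_ip):
    """True if a packet matches a permit entry and would be sent down the tunnel."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    return any(src in s and dst in d for s, d in entries)


def unmirrored(local, remote):
    """Local entries that have no reversed (dst, src) counterpart on the peer."""
    remote_set = set(remote)
    return [(s, d) for s, d in local if (d, s) not in remote_set]


if __name__ == "__main__":
    a = parse_crypto_acl(PIX_A, "vpn")
    b = parse_crypto_acl(PIX_B, "vpn")
    # Office 1 host to Office 2 host: matched, so it is encrypted.
    print(is_interesting(a, "192.168.5.10", "172.16.5.20"))
    # Office 1 host to an address outside the ACL: not matched, stays out of the tunnel.
    print(is_interesting(a, "192.168.5.10", "198.51.100.7"))
    # An empty list means every entry on PIX A has its mirror on PIX B.
    print(unmirrored(a, b))
```

A non-empty result from `unmirrored` means the two ends disagree on which traffic belongs in the tunnel.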
