Pix to Pix VPN setup help

johns · ‎07-23-2007

I am setting up a VPN between two offices. Each office has a T1, 1700 series router, and a PIX firewall (I believe they are 515 series). Each of the firewalls has a public IP on the outside interface and a NAT IP on the inside interface. Once I setup the VPN how do I make the PIX "route" the internal traffic (how does PIX A know what the private adderss is of PIX B)?

Jon Marshall · ‎07-23-2007

Hi

Office 1 using Pix A has clients on the inside using 192.168.5.0/24

Office 2 uses 172.16.5.0/24

When you setup the VPN you define crypto map access-lists eg for office 1

access-list permit ip 192.168.5.0 255.255.255.0 172.16.5.0 255.255.255.0

This access-list defines the intersting traffic ie. it tells the pix which traffic it needs to encrypt.

So if Pix A receives traffic destined for 172.16.5.x it knows that it needs to send that traffic down the VPN tunnel to Pix B.

So you don't need routes on the pix firewalls pointing to each other for the local and remote networks.

Hope this makes sense

Jon