Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
263
Views
0
Helpful
1
Replies

two VPNs into a PIX from two routers that share the same branch LAN?

mafinnerty
Level 1
Level 1

‎09-03-2007 06:06 AM - edited ‎03-11-2019 04:05 AM

does anyone know if its possible to have two routers at a remote branch (one primary, the other backup with HSRP) connecting back via IPsec VPN's to a Head office PIX 515E with ver6.3.5.

When I lab the scenario, the pix seems to get confused in fail-over scenarios and I need to clear the vpns (clear crypto sa) on the routers to make the vpns come back up. thoughts?

the pix has the two routers as peers under the one crypto map:

access-list vpn400 permit ip 172.21.0.0 255.255.0.0 10.86.200.0 255.255.255.0

crypto ipsec transform-set avalanche esp-des esp-md5-hmac

crypto map forsberg 21 ipsec-isakmp

crypto map forsberg 21 match address vpn400

crypto map forsberg 21 set peer 221.133.231.6

crypto map forsberg 21 set peer 100.0.0.2

crypto map forsberg 21 set transform-set avalanche

crypto map forsberg 21 set security-association lifetime seconds 3600 kilobytes 4608000

crypto map forsberg interface outside

i

sakmp enable outside

isakmp key ******** address 221.133.231.6 netmask 255.255.255.255

isakmp key ******** address 100.0.0.2 netmask 255.255.255.255

Labels:
0 Helpful
1 Reply 1

a.alekseev
Level 7
Level 7

‎09-03-2007 06:06 AM

on routers you should enable RRI

on PIX and routers try to enable "crypto isakmp keepalive"

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card