Lan-to-lan VPN crypto all traffic

Unanswered Question
Nov 13th, 2007

Hi,


Is there a way to make a LAN-to-LAN VPN between a PIX 515 7.2 and a PIX 501 6.3 and to set the 501 side to encrypt any traffic through the VPN?


I need that so the branch office can access the Internet through the main office's PIX.


I've tried the access list:


permit ip 192.168.30.0 255.255.255.0 any


But it does not seem to be working.


Thanks

ajagadee (Cisco Employee) Tue, 11/13/2007 - 07:09

Yes, it's possible. If the LAN behind the PIX 501 is 192.168.30.0/24, then your ACL looks right.


permit ip 192.168.30.0 255.255.255.0 any


On the PIX 515, make sure that the ACL configured for the PIX 501 is a mirror image, that is:


permit ip any 192.168.30.0 255.255.255.0


Regards,

Arul


guibarati Tue, 11/13/2007 - 07:28

Thanks, but it's already a mirror ACL on the PIX 515. When I use the access list with an origin and destination network the VPN works fine, but when I use the "any" keyword it stops encrypting packets.

ajagadee (Cisco Employee) Tue, 11/13/2007 - 07:42

Are you saying that the tunnel comes up and does not pass traffic? What about encrypts and decrypts on the SAs?


It's hard to say what's going on without the configuration. But one thing you want to check is overlapping access-lists.


Regards,

Arul
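
Added example, not part of the thread and not code from either poster: an offline Python check for the two things suggested above, that the crypto ACL entries on both peers are mirror images and that a broad "any" entry does not overlap another entry on the same device. The ACL labels and the two 192.168.10.0/192.168.40.0 entries are constructed for illustration; only the 192.168.30.0 lines come from the thread.

```python
import ipaddress
from itertools import combinations

ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_ace(line):
    """Parse 'permit ip <src> <dst>'; each side is 'any', 'host A' or 'net mask'."""
    tok = line.split()
    if tok[:2] != ["permit", "ip"]:
        raise ValueError("only 'permit ip' entries are handled: " + line)
    tok, sides = tok[2:], []
    while tok:
        if tok[0] == "any":
            sides.append(ANY)
            tok = tok[1:]
        elif tok[0] == "host":
            sides.append(ipaddress.ip_network(tok[1] + "/32"))
            tok = tok[2:]
        else:  # network followed by dotted netmask
            sides.append(ipaddress.ip_network(tok[0] + "/" + tok[1]))
            tok = tok[2:]
    if len(sides) != 2:
        raise ValueError("expected source and destination: " + line)
    return tuple(sides)

def is_mirror(local_ace, remote_ace):
    """True when the remote entry is the local one with source and destination swapped."""
    src, dst = parse_ace(local_ace)
    return parse_ace(remote_ace) == (dst, src)

def overlaps(ace_a, ace_b):
    """True when at least one packet would match both entries."""
    (sa, da), (sb, db) = parse_ace(ace_a), parse_ace(ace_b)
    return sa.overlaps(sb) and da.overlaps(db)

def find_overlaps(labelled_aces):
    """Return label pairs whose entries overlap; input is [(label, ace), ...]."""
    return [(la, lb) for (la, a), (lb, b) in combinations(labelled_aces, 2)
            if overlaps(a, b)]

# Entries on the PIX 515 side. Labels are hypothetical; the first line is the
# mirror ACL from the thread, the other two are constructed sample entries.
SAMPLE_515 = [
    ("vpn-to-501", "permit ip any 192.168.30.0 255.255.255.0"),
    ("other-acl-1", "permit ip 192.168.10.0 255.255.255.0 192.168.30.0 255.255.255.0"),
    ("other-acl-2", "permit ip 192.168.10.0 255.255.255.0 192.168.40.0 255.255.255.0"),
]

if __name__ == "__main__":
    print(is_mirror("permit ip 192.168.30.0 255.255.255.0 any", SAMPLE_515[0][1]))
    print(find_overlaps(SAMPLE_515))
```
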


