Lan-to-lan VPN crypto all traffic

Unanswered Question
Nov 13th, 2007


Is there a way to make a lan-to-lan VPN between a PIX515 7.2 and a PIX 501 6.3 and to set the 501 side to crypto any traffic through the VPN?

I need that to make the branch office access the internet through the main office's PIX.

I've tried the access list:

permit ip any

But it doesn't seem to be working.


ajagadee Tue, 11/13/2007 - 07:09

Yes, it's possible. If the LAN behind the Pix 501 is, then your ACL looks right.

permit ip any

On the Pix 515, make sure that the ACL configured for the Pix 501 is a mirror image, that is:

permit ip any



guibarati Tue, 11/13/2007 - 07:28

Thanks, but it's already a mirror ACL at the PIX 515. When I use the access list with an origin and destination network the VPN works fine, but when I use the "any" keyword it stops encrypting packets.

ajagadee Tue, 11/13/2007 - 07:42

Are you saying that the tunnel comes up and does not pass traffic? What about encrypts and decrypts on the SAs?

It's hard to say what's going on without the configuration. But one thing you want to check is overlapping access-lists.
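The two checks suggested in this thread (mirror-image crypto ACLs, and overlapping access-lists) can be run offline against saved configurations. The script below is an added example, not part of the original posts: the ACL names and addresses are constructed, and it assumes "overlapping" means two different ACLs on the same device matching some of the same source/destination pairs.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_ace(line):
    """Parse 'access-list NAME permit ip SRC DST' into (name, src, dst)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        raise ValueError("unsupported entry: " + line)
    nets, i = [], 4
    while i < len(tok):
        if tok[i] == "any":
            nets.append(ANY); i += 1
        elif tok[i] == "host":
            nets.append(ipaddress.ip_network(tok[i + 1] + "/32")); i += 2
        else:  # PIX ACLs take "network netmask", not a wildcard mask
            nets.append(ipaddress.ip_network(tok[i] + "/" + tok[i + 1])); i += 2
    if len(nets) != 2:
        raise ValueError("expected source and destination: " + line)
    return tok[1], nets[0], nets[1]

def is_mirror(local_ace, peer_ace):
    """True when the peer's entry is the local entry with src/dst swapped."""
    _, ls, ld = parse_ace(local_ace)
    _, ps, pd = parse_ace(peer_ace)
    return ls == pd and ld == ps

def overlaps(aces):
    """Pairs of differently named ACLs whose source AND destination overlap."""
    parsed = [parse_ace(a) for a in aces]
    hits = []
    for i, (n1, s1, d1) in enumerate(parsed):
        for n2, s2, d2 in parsed[i + 1:]:
            if n1 != n2 and s1.overlaps(s2) and d1.overlaps(d2):
                hits.append((n1, n2))
    return hits

# Constructed sample entries (addresses and names are illustrative only).
BRANCH = "access-list vpn_main permit ip 192.168.2.0 255.255.255.0 any"
MAIN = "access-list vpn_branch permit ip any 192.168.2.0 255.255.255.0"
OTHER = "access-list vpn_other permit ip 10.1.0.0 255.255.0.0 192.168.0.0 255.255.0.0"

if __name__ == "__main__":
    print("mirror image:", is_mirror(BRANCH, MAIN))
    print("overlapping ACLs on main office:", overlaps([MAIN, OTHER]))
```

An "any" entry overlaps every other ACL whose remote side includes the branch network, which is why the overlap check matters more here than with specific source and destination networks.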



