Lan-to-lan VPN crypto all traffic

Unanswered Question
Nov 13th, 2007

Hi,

Is there a way to make a lan-to-lan VPN between a PIX515 7.2 and a PIX 501 6.3 and to set the 501 side to crypto any traffic through the VPN?

I need that so the branch office can access the internet through the main office's PIX.

I've tried the access list:

permit ip 192.168.30.0 255.255.255.0 any

But it doesn't seem to be working.

Thanks

ajagadee Tue, 11/13/2007 - 07:09

Yes, it's possible. If the LAN behind the PIX 501 is 192.168.30.0/24, then your ACL looks right.

permit ip 192.168.30.0 255.255.255.0 any

On the PIX 515, make sure that the ACL configured for the PIX 501 is a mirror image, that is:

permit ip any 192.168.30.0 255.255.255.0

Regards,

Arul

guibarati Tue, 11/13/2007 - 07:28

Thanks, but it's already a mirror ACL on the PIX 515. When I use the access list with an origin and destination network the VPN works fine, but when I use the "any" keyword it stops encrypting packets.

ajagadee Tue, 11/13/2007 - 07:42

Are you saying that the tunnel comes up and does not pass traffic? What about encrypts and decrypts on the SAs?

It's hard to say what's going on without the configuration. But one thing you want to check is overlapping access-lists.

Regards,

Arul
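
Added example, not part of the thread: a small Python check for the two things raised above, whether the crypto ACL entries on the two peers are mirror images and whether an "any" entry overlaps other entries on the same device. The two entries from the thread are used as given; the OTHER_515 entries and all function names are constructed for illustration.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def _take(tokens):
    """Consume one PIX address spec: 'any', 'host A.B.C.D' or 'NET MASK'."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_ace(line):
    """Return (src, dst) networks from a '... permit ip SRC DST' entry."""
    tokens = line.split()
    start = tokens.index("permit")
    if tokens[start + 1] != "ip":
        raise ValueError("only 'permit ip' entries are handled: " + line)
    src, rest = _take(tokens[start + 2:])
    dst, _ = _take(rest)
    return src, dst

def is_mirror(local_line, remote_line):
    """True when the remote entry is the local one with src and dst swapped."""
    local_src, local_dst = parse_ace(local_line)
    remote_src, remote_dst = parse_ace(remote_line)
    return (local_src, local_dst) == (remote_dst, remote_src)

def overlaps(entry, others):
    """Entries in `others` that can match the same packets as `entry`."""
    src, dst = parse_ace(entry)
    hits = []
    for other in others:
        other_src, other_dst = parse_ace(other)
        if src.overlaps(other_src) and dst.overlaps(other_dst):
            hits.append(other)
    return hits

# Entries quoted in the thread.
PIX501 = "permit ip 192.168.30.0 255.255.255.0 any"
PIX515 = "permit ip any 192.168.30.0 255.255.255.0"
# Constructed entries standing in for other ACLs on the 515.
OTHER_515 = [
    "permit ip 192.168.10.0 255.255.255.0 192.168.0.0 255.255.0.0",
    "permit ip 192.168.10.0 255.255.255.0 10.1.0.0 255.255.0.0",
]

if __name__ == "__main__":
    print("mirror image:", is_mirror(PIX501, PIX515))
    for hit in overlaps(PIX515, OTHER_515):
        print("overlaps:", hit)
```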
