Lan-to-lan VPN crypto all traffic

guibarati
Level 4

Hi,

Is there a way to make a lan-to-lan VPN between a PIX515 7.2 and a PIX 501 6.3 and to set the 501 side to crypto any traffic through the VPN?

I need that so the branch office can access the internet through the main office's PIX.

I've tried the access list:

permit ip 192.168.30.0 255.255.255.0 any

But it doesn't seem to be working.

Thanks


ajagadee
Cisco Employee

Yes, it's possible. If the LAN behind the Pix 501 is 192.168.30.0/24, then your ACL looks right.

permit ip 192.168.30.0 255.255.255.0 any

On the Pix 515, make sure that the ACL configured for the Pix 501 is a mirror image, that is:

permit ip any 192.168.30.0 255.255.255.0

Regards,

Arul

Thanks, but it's already a mirror ACL on the PIX 515. When I use the access list with an origin and destination network the VPN works fine, but when I use the "any" keyword it stops encrypting packets.

Are you saying that the tunnel comes up and does not pass traffic? What about encrypts and decrypts on the SAs?

It's hard to say what's going on without the configuration. But one thing you want to check is overlapping access-lists.

Regards,

Arul
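
The two ACL checks named in the replies above (mirror-image crypto ACLs on both peers, and overlapping access-lists) can be run offline against copied ACL lines. This is an added example, not part of any reply in the thread; the function names and the second ACL (`other_vpn`, 192.168.10.0/24 to 192.168.0.0/16) are constructed for illustration.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def _take(tokens):
    """Consume one address spec: 'any', 'host A' or 'NET MASK' (PIX ACLs use netmasks)."""
    head = tokens.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def parse_entry(line):
    """Parse '[access-list NAME [extended]] permit ip SRC DST' into (src, dst) networks."""
    tokens = line.split()
    if tokens[0] == "access-list":
        tokens = tokens[2:]          # drop the keyword and the ACL name
    if tokens[0] == "extended":      # keyword written by PIX 7.x
        tokens = tokens[1:]
    if tokens[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported entry: {line!r}")
    tokens = tokens[2:]
    src = _take(tokens)
    return src, _take(tokens)

def is_mirror(local_line, remote_line):
    """True when the remote entry is the local one with source and destination swapped."""
    src, dst = parse_entry(local_line)
    return parse_entry(remote_line) == (dst, src)

def overlaps(line_a, line_b):
    """True when some packet matches both entries (sources and destinations both intersect)."""
    a_src, a_dst = parse_entry(line_a)
    b_src, b_dst = parse_entry(line_b)
    return a_src.overlaps(b_src) and a_dst.overlaps(b_dst)

if __name__ == "__main__":
    branch = "permit ip 192.168.30.0 255.255.255.0 any"   # PIX 501 side, from the thread
    main = "permit ip any 192.168.30.0 255.255.255.0"     # PIX 515 side, from the thread
    # Constructed: a second crypto ACL on the 515 for some other peer.
    other = "access-list other_vpn permit ip 192.168.10.0 255.255.255.0 192.168.0.0 255.255.0.0"
    print("mirror image:", is_mirror(branch, main))
    print("515 entry overlaps other tunnel's ACL:", overlaps(main, other))
```

An `any` entry intersects every other entry whose remaining field also intersects, so it is the entry most likely to be reported as overlapping.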
