11-13-2007 04:34 AM - edited 02-21-2020 03:22 PM
Hi,
Is there a way to make a LAN-to-LAN VPN between a PIX515 7.2 and a PIX 501 6.3 and to set the 501 side to encrypt any traffic through the VPN?
I need that so the branch office can access the internet through the main office's PIX.
I've tried the access list:
permit ip 192.168.30.0 255.255.255.0 any
But it does not seem to work.
Thanks
11-13-2007 07:09 AM
Yes, it's possible. If the LAN behind the PIX 501 is 192.168.30.0/24, then your ACL looks right.
permit ip 192.168.30.0 255.255.255.0 any
On the PIX 515, make sure that the ACL configured for the PIX 501 is a mirror image, that is:
permit ip any 192.168.30.0 255.255.255.0
Regards,
Arul
11-13-2007 07:28 AM
Thanks, but it's already a mirror ACL on the PIX 515. When I use the access list with an origin and destination network the VPN works fine, but when I use the "any" keyword it stops encrypting packets.
11-13-2007 07:42 AM
Are you saying that the tunnel comes up and does not pass traffic? What about encrypts and decrypts on the SAs?
It's hard to say what's going on without the configuration. But one thing you want to check is overlapping access-lists.
Regards,
Arul
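The two checks raised in this thread (mirror-image crypto ACLs and overlapping access-lists) can be run offline against exported ACL entries. The script below is an added example, not configuration or code from any poster; the second peer's entry and the peer labels are constructed for illustration.

```python
import ipaddress
from itertools import combinations

ANY = ipaddress.ip_network("0.0.0.0/0")

def _take(tokens):
    """Consume one address spec: 'any', 'host ADDR' or 'NET MASK'."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_ace(line):
    """Return (src, dst) networks for a '... permit ip SRC DST' entry."""
    tokens = line.split()
    if "permit" not in tokens:
        raise ValueError(f"not a permit entry: {line!r}")
    rest = tokens[tokens.index("permit") + 1:]
    if not rest or rest[0] != "ip":
        raise ValueError(f"only 'permit ip' is handled: {line!r}")
    src, rest = _take(rest[1:])
    dst, rest = _take(rest)
    if rest:
        raise ValueError(f"unexpected trailing tokens: {rest}")
    return src, dst

def is_mirror(local_ace, remote_ace):
    """True when the remote entry is the local one with src and dst swapped."""
    return parse_ace(local_ace) == parse_ace(remote_ace)[::-1]

def overlaps(ace_a, ace_b):
    """True when some packet could match both entries."""
    (sa, da), (sb, db) = parse_ace(ace_a), parse_ace(ace_b)
    return sa.overlaps(sb) and da.overlaps(db)

def overlapping_pairs(crypto_acls):
    """crypto_acls: {peer label: ACE}. Return label pairs whose ACEs overlap."""
    return [(a, b) for a, b in combinations(crypto_acls, 2)
            if overlaps(crypto_acls[a], crypto_acls[b])]

# ACEs from the thread, plus one constructed entry for a second peer.
PIX501 = "permit ip 192.168.30.0 255.255.255.0 any"
PIX515 = {
    "to-501": "permit ip any 192.168.30.0 255.255.255.0",
    "to-other (constructed)": "permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.0.0",
}

if __name__ == "__main__":
    print("mirror:", is_mirror(PIX501, PIX515["to-501"]))
    print("overlaps:", overlapping_pairs(PIX515))
```

With these inputs the pair is a valid mirror, yet the "any" entry on the 515 overlaps the constructed second-peer entry, so traffic from 192.168.1.0/24 to 192.168.30.0/24 could match either crypto ACL.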