Cisco PIX VPN site-to-site same Public Subnet

Unanswered Question
Nov 30th, 2007

Hello,

I am trying to create a VPN between a Cisco PIX and a Checkpoint firewall, both in the same external subnet:-

PIX Outside 172.20.30.1/25

Checkpoint Outside 172.20.30.2/25

This fails with:-

crypto_isakmp_process_block:src:172.20.30.1, dest:172.20.30.2 spt:500 dpt:500

ISAKMP: phase 2 packet is a duplicate of a previous packet

I guess this is possible to do, as I want to encrypt traffic from 2 directly connected customers so as to protect both environments.

Any help would be much appreciated.

Kind Regards

Steven

Collin Clark Fri, 11/30/2007 - 06:54

If you do a search on Cisco for "checkpoint VPN" you will get some hits. Also make sure the firewall has sysopt permit ipsec.

sadcock123 Fri, 11/30/2007 - 07:00

Thank you for the info.

My main question is: should the VPN work with both public interfaces in the same subnet?

Cheers

Steven

sadcock123 Fri, 11/30/2007 - 08:52

Hello,

Thank you, I have managed to sort the Phase 2 issue:-

crypto map rtprules 10 set security-association lifetime seconds 3600 kilobytes 4608000

Fixed the problem.

Kind Regards

Steven
