Cisco PIX VPN site-to-site same Public Subnet

Nov 30th, 2007

Hello,


I am trying to create a VPN between a Cisco PIX and a Checkpoint firewall, both in the same external subnet:-


PIX Outside 172.20.30.1/25

Checkpoint Outside 172.20.30.2/25


This fails with:-


crypto_isakmp_process_block:src:172.20.30.1, dest:172.20.30.2 spt:500 dpt:500

ISAKMP: phase 2 packet is a duplicate of a previous packet


I guess this is possible to do, as I want to encrypt traffic from 2 directly connected customers so as to protect both environments.


Any help would be much appreciated.


Kind Regards


Steven

Collin Clark Fri, 11/30/2007 - 06:54

If you do a search on Cisco for "checkpoint VPN" you will get some hits. Also make sure the firewall has sysopt permit ipsec.

sadcock123 Fri, 11/30/2007 - 07:00

Thank you for the info.


My main question is: should the VPN work with both public interfaces in the same subnet?


Cheers


Steven

Collin Clark Fri, 11/30/2007 - 07:03

Sorry, yes you should be able to do that.

sadcock123 Fri, 11/30/2007 - 08:52

Hello,


Thank you, I have managed to sort the Phase 2 issue:-


crypto map rtprules 10 set security-association lifetime seconds 3600 kilobytes 4608000



Fixed the problem.


Kind Regards


Steven
