Cisco PIX VPN site-to-site same Public Subnet

sadcock123
Level 1

Hello,

I am trying to create a VPN between a Cisco Pix and a Checkpoint firewall both in the same external subnet:-

PIX Outside 172.20.30.1/25

Checkpoint Outside 172.20.30.2/25

This fails with:-

crypto_isakmp_process_block:src:172.20.30.1, dest:172.20.30.2 spt:500 dpt:500

ISAKMP: phase 2 packet is a duplicate of a previous packet

I guess this is possible to do, as I want to encrypt traffic from 2 directly connected customers so as to protect both environments.

Any help would be much appreciated.

Kind Regards

Steven

4 Replies

Collin Clark
VIP Alumni

If you do a search on Cisco for "checkpoint VPN" you will get some hits. Also make sure the firewall has sysopt permit ipsec.

Thank you for the info.

My main question is: should the VPN work with both public interfaces in the same subnet?

Cheers

Steven

Sorry, yes you should be able to do that.

Hello,

Thank you, I have managed to sort the Phase 2 issue:-

crypto map rtprules 10 set security-association lifetime seconds 3600 kilobytes 4608000

Fixed the problem.

Kind Regards

Steven
