VPN termination

Unanswered Question
Mar 3rd, 2008

Hi All,

My organiztion has multiple offices inter connected internet through IPSec VPN using pix Firewalls.

We have two locations which are having a different firewall (GTA ).

At our central site we have two different network one for data one for voice.

From the above mentioned firewall location we can access only one network at any point time , though i have created a two saperate tunnels for the both the private networks.

Is it possible to terminate the VPN tunnel on the one of the free public in the WAN ip series of the PIX firewall.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
husycisco Tue, 03/04/2008 - 03:08

Hi Syed

"Is it possible to terminate the VPN tunnel on the one of the free public in the WAN ip series of the PIX firewall"

No it is not possible. But you dont need a different peer IP for simultaneous tunnels to work. If you post your sanitized running config, I may suggest you some changes.


syedarif25 Thu, 03/06/2008 - 23:11

Hi ,

Thaks for the reply.

Let me brief you what is the problem that i am facing.

We have a GTA Firewall Cluster from One at one of our location, we have one more location which is having CISCO pix 515e that location has two network one is data and there an internal router to which the VOIP which is on a differetn network is configured.

Now i have configured the VPN tunnel between the Data networks between these two firewalls and its works fine, when i tried adding the VOIP network of the PIX side then only one tunnel come up any point in time not both.

Similary i have one more location with pix 506 and i have configured the tunnel between the PIX 506 e and PIX 515e for data and voip network it works fine.

I was suggested by the the GTA support team to check if i can terminate the vpn on the different ip.

Basic idea is we have arond 24 locations with all comination of firewalls, we should be able to reach the VOIP netowrk of PIX 515E locations as the CCM is located there.

Awatinig for your reply.




This Discussion