PIX config-site to site and site to client.

Unanswered Question
Jul 15th, 2008


We are using IPsec b/w site to site (Bangalore A and US B).We need to configure Bangalore PIX for VPN Connection also from Bangalore A to Cheenai C (Site to client).What would be the configuration? Whether this PIX Version 6.3(4) will support.

The site to site configuration is as follows.

crypto ipsec transform-set strong esp-des esp-sha-hmac

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map BLR 20 ipsec-isakmp

crypto map BLR 20 match address 102

crypto map BLR 20 set peer

crypto map BLR 20 set transform-set strong

crypto map BLR interface outside

isakmp enable outside

isakmp key A3L791-10BLU-2 address netmask

isakmp identity address

isakmp nat-traversal 20

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption 3des

isakmp policy 20 hash sha

isakmp policy 20 group 1

isakmp policy 20 lifetime 86400

telnet inside

telnet timeout 5

ssh timeout 5

console timeout 0

username xxx password xxx encrypted privilege 15

terminal width 80


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dhananjoy chowdhury Tue, 07/15/2008 - 22:18

Hi Manjunath,

First of all I would suggest you to upgrade the IOS to atleast 7.0.

You can configure the both site 2site and client2site vpns on the same box. But be carefull when creating the crypto map for the remote vpn.

Here is an example of adding remote vpn config in the same FW with an existing site2site vpn.


Hope this helps.



This Discussion