Cisco Support Community
New Member

tunnelling in pix 515E

Hi all,

Can anyone tell me how many VPN tunnels one PIX 515E can have simultaneously? I have already set up and established a tunnel (as you can see in the attached config). On my PIX 515E we now need to create another tunnel with another partner. Is it possible? Would I need to do something extra, as the tunnel will be different than the existing one in terms of encryption schemes (3DES or AES) and group 2 in ISAKMP? Please advise.

New Member

Re: tunnelling in pix 515E

Yes. PIX supports multiple VPN peers (site to site). You can use "show version" to check how many peers and which encryption and hash your PIX supports. Then negotiate with your partner to choose one that is good for both of you (for example AES+SHA for ISAKMP, and 3DES+MD5 for IPsec). The configuration is the same as the first one, just use a different sequence number and the same MAP NAME!

crypto ipsec transform-set partner2 esp-3des esp-md5-hmac
crypto map transam 20 ipsec-isakmp
crypto map transam 20 match address 200
crypto map transam 20 set peer
crypto map transam 20 set transform-set partner2
crypto map transam interface outside
isakmp enable outside
isakmp key ******** address netmask
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes
isakmp policy 20 hash sha
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400

Good luck

New Member

Re: tunnelling in pix 515E

Thanks Rico,

But I am getting this error when I insert the new crypto map:

WARNING: This crypto map is incomplete.

To remedy the situation add a peer and a valid access-list to this crypto map.

Also, when I do

isakmp policy 20 hash sha-1

it says

isakmp policy 20 hash sha-1

Supported values: md5, sha

Any help would be great
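
Added example, not part of the thread and not Cisco tooling: a small Python check that reads a PIX-style configuration and reports crypto map entries lacking the two things the warning above names, a peer and an access-list that is actually defined. The sample configuration is constructed, 192.0.2.10 is a documentation address, and the function name `audit_crypto_maps` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample (not the poster's config). Entry 20 mirrors the thread:
# "set peer" has no address and access-list 200 is never defined.
SAMPLE = """\
access-list 100 permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
crypto ipsec transform-set partner1 esp-3des esp-sha-hmac
crypto ipsec transform-set partner2 esp-3des esp-md5-hmac
crypto map transam 10 ipsec-isakmp
crypto map transam 10 match address 100
crypto map transam 10 set peer 192.0.2.10
crypto map transam 10 set transform-set partner1
crypto map transam 20 ipsec-isakmp
crypto map transam 20 match address 200
crypto map transam 20 set peer
crypto map transam 20 set transform-set partner2
crypto map transam interface outside
"""

LINE = re.compile(r"^crypto map (\S+) (\d+)\s+(.*)$")
FIELDS = ("match address", "set peer")

def audit_crypto_maps(config):
    """Return {(map_name, seq): [problems]} for incomplete crypto map entries."""
    acls = set(re.findall(r"^\s*access-list (\S+) ", config, re.M))
    entries = defaultdict(dict)
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a numbered crypto map line (e.g. the interface binding)
        entry = entries[(m.group(1), int(m.group(2)))]  # registers the entry
        for field in FIELDS:
            if m.group(3).startswith(field):
                value = m.group(3)[len(field):].split()
                if value:  # a keyword with no argument does not count as set
                    entry[field] = value[0]
    findings = {}
    for key, entry in sorted(entries.items()):
        problems = []
        if "set peer" not in entry:
            problems.append("no peer")
        acl = entry.get("match address")
        if acl not in acls:
            problems.append("no match address" if acl is None
                            else f"access-list {acl} not defined")
        if problems:
            findings[key] = problems
    return findings
```

Run against a saved copy of the running configuration, an empty result means every numbered entry has both a peer and an existing access-list.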
