Re: Basic PIX question

michiganheart · ‎03-12-2004

How many seperate VPN tunnels can you specify through crypto map statements?

drolemc · ‎03-18-2004

The data sheet specifies only the maximum number of tunnels simultaneously supported, ie the number of active tunnels. I believe the number of tunnels configured can exceed that number and is limited only by the size of the configuration file. You could refer to the data sheets to figure out the exact number of VPN tunnels simultaneously supported. http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheets_list.html

If you are looking for a configuration example, you can refer to the configuration example at http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080093bd3.shtml. PIX 'Central' in the config example is configured for VPN with two remote destinations.

michiganheart · ‎03-18-2004

Thank You. 1 more question for you, for multiple tunnels, do you need more than 1 IP address to terminate them on? Or can 1 address serve as the endpoint for multiple tunnels?

revangelista · ‎03-19-2004

Yes, 1 address should suffice. For example, if you have a PIX firewall terminating a tunnel from a VPN router in LA or SF, those two remote devices will be terminating on the 'outside' interface (one IP address) of the PIX.

michiganheart · ‎03-19-2004

Once again thank you.

michiganheart · ‎03-19-2004

sorry 1 more question came to mind. Is the 1 address

capable of terminating dfferent types of tunells? ie

VPN clients and static VPN hosts?

mostiguy · ‎03-19-2004

it is not a problem to have one pix, on one address, terminate both site to site tunnels as well as dynamically addressed vpn clients

michiganheart · ‎03-19-2004

Thanks