Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

bidirectional vpn


is it possible to have a bidirecional vpn on a pix to pix configuration?



Re: bidirectional vpn

just wondering if you are referring to a lan-lan vpn, which can be established from either sites. one requirement for this scenario is that both sites have to have a static ip.

New Member

Re: bidirectional vpn

yes..its lan to lan vpn...actually the existing vpn is already there and it was a hub and spoke. There are 2 spokes and evrything is working fine but only in the direction from spokes to hub.

Now that we hav a public ip on one of the spokes, our objective now is to do bidirectional VPN on this hub to the spoke.

Any sample configuration of this kind if you have will be very much appreciated.


Re: bidirectional vpn

below are the sample codes:

access-list 101 permit ip

access-list 121 permit ip

ip address outside

ip address inside

global (outside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 0 0

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map myvpn 10 ipsec-isakmp

crypto map myvpn 10 match address 121

crypto map myvpn 10 set peer

crypto map myvpn 10 set transform-set myset

crypto map myvpn interface outside

isakmp enable outside

isakmp key cisco123 address netmask no-xauth no-config-mode

isakmp identity address

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

CreatePlease to create content