Configuring two VPN's in the firewall PIX 520

Hi.

I have configured two VPNs in my PIX 520, one VPN with DES encryption and the other one with 3DES, but only one is working.

Each VPN has an associated access-list, and its traffic must bypass the NAT process, so the statement "nat (inside) 0 access-list 101" is required.

But I have an access-list 102 too (VPN DES to Spain (access-list 101) and VPN 3DES to California (access-list 102)).

How do I exempt both access-list 101 and access-list 102 from the NAT process?

Thanks for your help.

Re: Configuring two VPN's in the firewall PIX 520

If I understand you correctly, you are using access-list 101 and 102 as your interesting-traffic access lists. But as you see, you can only apply one access-list to your nonat statement. So what you're going to have to do is create a new access-list for your nonat, say call it access-list nonat, and combine 101/102 into that access list, i.e.:

Current:

access-list 101 per ip from here to Spain
crypto map mymap 10 match address 101
access-list 102 per ip from here to California
crypto map mymap 20 match address 102
nat (inside) 0 access-list 101

That way doesn't include the traffic that's going to California, so make a new access-list:

Proposed:

access-list 101 per ip from here to Spain
crypto map mymap 10 match address 101
access-list 102 per ip from here to California
crypto map mymap 20 match address 102
access-list nonat per ip from here to Spain
access-list nonat per ip from here to California
nat (inside) 0 access-list nonat

Kurtis Durrett
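
A way to check a saved configuration for the gap described in this thread, added here as an example and not part of either post: it lists every crypto-map ACL entry that the `nat (inside) 0` ACL does not cover. The networks (10.1.0.0/16 local, 10.2.0.0/16 Spain, 10.3.0.0/16 California) and the names `parse` and `unexempted` are constructed for illustration, and only `permit ip <net> <mask> <net> <mask>` entries are handled.

```python
import ipaddress
import re

# Constructed sample configs; the addresses are illustrative, not from the thread.
CURRENT = """\
access-list 101 permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
crypto map mymap 10 match address 101
access-list 102 permit ip 10.1.0.0 255.255.0.0 10.3.0.0 255.255.0.0
crypto map mymap 20 match address 102
nat (inside) 0 access-list 101
"""
PROPOSED = CURRENT.replace("nat (inside) 0 access-list 101", """\
access-list nonat permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list nonat permit ip 10.1.0.0 255.255.0.0 10.3.0.0 255.255.0.0
nat (inside) 0 access-list nonat""")

ACE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
MATCH = re.compile(r"^crypto map \S+ \d+ match address (\S+)$")
NAT0 = re.compile(r"^nat \(inside\) 0 access-list (\S+)$")

def parse(config):
    """Return (acls, crypto ACL names, nat 0 ACL name) from PIX-style text."""
    acls, crypto, nat0 = {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            name, src, smask, dst, dmask = m.groups()
            entry = (ipaddress.ip_network(f"{src}/{smask}"),
                     ipaddress.ip_network(f"{dst}/{dmask}"))
            acls.setdefault(name, []).append(entry)
        elif m := MATCH.match(line):
            crypto.append(m.group(1))
        elif m := NAT0.match(line):
            nat0 = m.group(1)
    return acls, crypto, nat0

def unexempted(config):
    """List crypto ACL entries that no entry of the nat 0 ACL covers."""
    acls, crypto, nat0 = parse(config)
    exempt = acls.get(nat0, [])
    missing = []
    for name in crypto:
        for src, dst in acls.get(name, []):
            if not any(src.subnet_of(s) and dst.subnet_of(d) for s, d in exempt):
                missing.append((name, str(src), str(dst)))
    return missing
```

`unexempted(CURRENT)` reports the California entry of access-list 102, and `unexempted(PROPOSED)` returns an empty list.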
