How do I put crypto dynamic-map and crypto map under one map?
I have a PIX connected to two sites using VPN. the other two sites are running SonicWall and Checkpoint respectively. The SonicWall side is using a dynamic DHCP ip address, while the checkpoint side is using a static ip address. It looks like PIX does not allow me to put 2 crypto map on my external PIX interface, but how do I achieve it when I have a dynamic peer and a static peer at the remote sites?
my configuration is as shown:
PIX Version 6.0(4)
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set test esp-3des esp-sha-hmac
crypto ipsec transform-set panda esp-des esp-sha-hmac
crypto dynamic-map pixosw 10 match address 120
crypto dynamic-map pixosw 10 set transform-set test
crypto map pixtockpt 40 ipsec-isakmp
crypto map pixtockpt 40 match address 140
crypto map pixtockpt 40 set peer 188.8.131.52
crypto map pixtockpt 40 set transform-set panda
crypto map pixtockpt interface outside ( i can't add in the pixosw map here)
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...