I'm trying to create a hub and spoke VPN so two remote sites can have an IPsec tunnel to the central office.
Is it possible to create this situation using a PIX 501 at each site?
I have one of my remote sites that can connect to the central site and one that can't. I am not getting any debug information to help me fix the failing tunnel, whereas the other tunnel is giving me information all the time.
I have put another PIX at the failing remote site but that has not helped.
Yes, both sites are the same. I have followed a sample config on the Cisco web site, under the sample config section for the PIX firewall. This is a new VPN infrastructure, so they never had a link to ping across.
I have configured the central site to accept connections from both remote sites. Would it help if I post the configs?
If you are talking about having a PIX as the hub and have communication between the spokes via the hub, forget it. Will not work with PIX as hub. You can do this with a router or a concentrator as the hub. PIXs do not have a problem as spokes.
If you are talking about hub-and-spoke with no communication between the spokes via the hub, then that should work with a PIX as the hub.
Thanks, I just want to ask such questions, because I used a PIX as the hub and let the spokes communicate through the PIX. Of course, I failed; they can only communicate with the hub LAN.
Now I know we should use a router or concentrator. Do we need special configs in order to let the spokes communicate through the router or concentrator, e.g. some special maps? Or do we just configure each spoke to the hub, and once they can communicate with the hub, they can communicate with each other through the hub?
If you want to use concentrators, then the setup is similar to building site-to-sites from the hub to the spokes. The difference is, in the tunnel with spoke 1, have the local/remote proxy identities include the network behind spoke 2 and in the tunnel with spoke 2 include network behind spoke 1 as local/remote identity.
Then you need to add routes to each of the spokes to direct them to the hub for the remote sites, if required.
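
The proxy-identity layout described in the reply above, worked through as an added example (not code from the thread or from Cisco). The addressing, spoke names and function names are constructed for illustration; the script derives the per-tunnel local/remote identities and the spoke routes, then checks that a spoke-to-spoke packet is covered on both legs.

```python
import ipaddress

# Constructed sample addressing (assumption, not taken from the thread).
HUB_LAN = ipaddress.ip_network("10.0.0.0/24")
SPOKE_LANS = {
    "spoke1": ipaddress.ip_network("10.1.1.0/24"),
    "spoke2": ipaddress.ip_network("10.2.2.0/24"),
}

def hub_tunnel_identities(hub_lan, spoke_lans):
    """Per-tunnel proxy identities as seen from the hub.

    local  = hub LAN plus the LAN behind every *other* spoke
    remote = the LAN behind the spoke this tunnel terminates on
    """
    plan = {}
    for name, lan in spoke_lans.items():
        others = [n for s, n in spoke_lans.items() if s != name]
        plan[name] = {"local": [hub_lan] + others, "remote": [lan]}
    return plan

def spoke_view(hub_entry):
    """The spoke end of a tunnel mirrors the hub's identities."""
    return {"local": hub_entry["remote"], "remote": hub_entry["local"]}

def spoke_routes(hub_lan, spoke_lans, name):
    """Destinations a spoke has to route toward the hub."""
    return [hub_lan] + [n for s, n in spoke_lans.items() if s != name]

def matches(identities, src, dst):
    """True if a src->dst packet falls inside the local->remote identities."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (any(s in n for n in identities["local"])
            and any(d in n for n in identities["remote"]))

def spoke_to_spoke_ok(plan, src_spoke, dst_spoke, src, dst):
    """The packet must be covered on both legs: spoke->hub and hub->spoke."""
    leg1 = matches(spoke_view(plan[src_spoke]), src, dst)
    leg2 = matches(plan[dst_spoke], src, dst)
    return leg1 and leg2

if __name__ == "__main__":
    plan = hub_tunnel_identities(HUB_LAN, SPOKE_LANS)
    for spoke, ids in plan.items():
        print(spoke, "hub-side:", ids)
        print(spoke, "routes via hub:", spoke_routes(HUB_LAN, SPOKE_LANS, spoke))
    print(spoke_to_spoke_ok(plan, "spoke1", "spoke2", "10.1.1.10", "10.2.2.20"))
```

A plan whose tunnels list only the hub LAN as the local identity fails the same check for spoke-to-spoke traffic while hub LAN traffic still passes.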