I have an existing 3-site VPN using PIX firewalls.
A - Hub
B and C - are spokes
All 3 sites (A, B, C) have public IPs.
Present scenario - B and C could tunnel to A.
Now, the customer wanted B to communicate with C and vice versa.
I've tried creating a tunnel directly from B to C but it fails, and it looks like there's a loop going on. I could see in the SH IPSEC SA output on B that the IPsec peer is changing between the public IP of A and C.
Yes, this is definitely possible, but you need to make sure the access-lists applied to the crypto maps are not overlapping. In other words, make sure that the IPsec tunnel from spoke one to the hub DOES not also include the IP addresses that belong to spoke 2.
So you will need one crypto map with 2 policy numbers (one to the hub, the other one to spoke 2):
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set pfs
crypto map outside_map 20 set peer
crypto map outside_map 20 set transform-set AWU_Transform
crypto map outside_map 40 ipsec-isakmp
crypto map outside_map 40 match address outside_cryptomap_40
crypto map outside_map 40 set pfs group2
crypto map outside_map 40 set peer
crypto map outside_map 40 set transform-set AWU_Transform
The outside_cryptomap_20 and outside_cryptomap_40 define the traffic to be encrypted and the peer to use.
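An added example, not part of the original posts: a small Python check that parses PIX crypto access-lists and reports any pair whose source and destination ranges overlap, which is the condition the answer says to avoid. The ACL names come from the answer; every subnet (hub A 10.1.0.0/24, spoke B 10.2.0.0/24, spoke C 10.3.0.0/24) is constructed for illustration.

```python
import ipaddress
import re
from itertools import combinations

# Handles only the form: access-list NAME permit ip SRC SRC_MASK DST DST_MASK
# ("host" and "any" keywords are out of scope for this sketch).
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_crypto_acls(config):
    """Return {acl_name: [(src_net, dst_net), ...]} from access-list lines."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue
        name, src, smask, dst, dmask = m.groups()
        entry = (ipaddress.ip_network(f"{src}/{smask}"),
                 ipaddress.ip_network(f"{dst}/{dmask}"))
        acls.setdefault(name, []).append(entry)
    return acls

def find_overlaps(config):
    """List (acl_a, acl_b, dst_a, dst_b) where one flow could match both ACLs."""
    acls = parse_crypto_acls(config)
    hits = []
    for (a, a_entries), (b, b_entries) in combinations(sorted(acls.items()), 2):
        for s1, d1 in a_entries:
            for s2, d2 in b_entries:
                if s1.overlaps(s2) and d1.overlaps(d2):
                    hits.append((a, b, str(d1), str(d2)))
    return hits

# Constructed spoke B config: the hub ACL is too broad and also covers spoke C.
OVERLAPPING = """
access-list outside_cryptomap_20 permit ip 10.2.0.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list outside_cryptomap_40 permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
"""

# Constructed corrected config: entry 20 covers only the hub LAN.
FIXED = """
access-list outside_cryptomap_20 permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list outside_cryptomap_40 permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
"""

if __name__ == "__main__":
    for label, cfg in (("overlapping", OVERLAPPING), ("fixed", FIXED)):
        print(label, find_overlaps(cfg))
```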