03-29-2006 08:23 AM - edited 02-21-2020 02:20 PM
(assume a 515e running 6.3 with a 4 port ethernet expansion card)
Greetings,
I've done numerous VPN setups for PIXes, but never have I had to make a VPN terminate anywhere but the inside interface. Is it possible to have the VPN terminate to one of the other 4 interfaces on the expansion card? I need to set up VPNs to the different networks, but cannot route between them.
03-29-2006 08:44 AM
YES, you can use the interface of your choice; usually it is the outside interface that is used for the VPN termination.
config changes in:
1.) crypto map REMOTE interface outside
2.) access-list of the interface
3.) NAT exemption - access-list NONAT
4.) isakmp enable outside
sincerely
Patrick
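The four changes listed in the reply above, written out as an added PIX 6.3 configuration sketch (not part of the original posts) for a site-to-site tunnel that terminates on an expansion-card interface instead of outside. The interface name networkA, the ACL and transform-set names, all addresses (documentation ranges) and the key placeholder are assumptions; it also assumes a pre-shared-key peer and protected hosts behind the inside interface.

```cisco
: Constructed example: names, addresses and the key are placeholders.
: Expansion-card port where the tunnel terminates (name assumed).
nameif ethernet2 networkA security50
ip address networkA 192.0.2.1 255.255.255.0

: Traffic to protect: local 10.1.1.0/24 <-> remote 10.2.2.0/24.
access-list VPN_TRAFFIC permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

: 3.) NAT exemption for the protected traffic.
access-list NONAT permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list NONAT

: 2.) Access list of the terminating interface: permit only the
:     decrypted remote subnet. An access-group replaces any ACL
:     already bound to that interface, so merge with existing rules.
access-list networkA_in permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-group networkA_in in interface networkA

: IPsec proposal and crypto map entry for the peer.
crypto ipsec transform-set TSET esp-aes-256 esp-sha-hmac
crypto map REMOTE 10 ipsec-isakmp
crypto map REMOTE 10 match address VPN_TRAFFIC
crypto map REMOTE 10 set peer 198.51.100.2
crypto map REMOTE 10 set transform-set TSET

: 1.) Bind the crypto map to the chosen interface instead of outside.
crypto map REMOTE interface networkA

: 4.) Enable ISAKMP on the same interface and define the IKE policy.
isakmp enable networkA
isakmp key <PRESHARED-KEY> address 198.51.100.2 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 5
isakmp policy 10 lifetime 86400
```

Only one crypto map can be bound to an interface, so additional peers on the same interface go in as further sequence numbers of the same map. Keeping ISAKMP enabled only on interfaces that actually terminate tunnels limits where the PIX answers IKE.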
03-29-2006 09:25 AM
03-30-2006 11:13 AM
Hi Sir,
You should be able to do it if you have the following configured correctly:
1- Access-list ID (of course you will create a fake pool - this is the normal way of doing it on a pix)
2- Nat (networka) 0 access-list ID
Once you get an ip from the pool, try to ping the inside interface of the PIX, but don't forget to include the command: management-access networkA
Thanks and regards,