Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
363
Views
0
Helpful
4
Replies

PIX to PIX vpn problem

rick.jones
Level 1
Level 1

‎02-12-2003 09:52 AM - edited ‎02-21-2020 12:21 PM

I have a problem with my PIX to PIX vpn, I have a working VPN with a crypto Map statment applyed to the outside interface and this is working fine with a no nat access-list in a DMZ, I want to add another VPN to the Firewall so I add the ACL for the no nat on the inside interface and then add the acl for the crypto map, all still working

I than add the no nat for the inside interface all still working

So it is tiem to add the Crypto maps

i have to add these to excisting ones with a diff priority number as soon as i put them in the config the Firewall stopr working and need rebooting

Please help

Cheers

Rick

Labels:
0 Helpful
4 Replies 4

pdentico
Level 1
Level 1

‎02-12-2003 10:22 AM

You have to unmap the crypto map from the interface before modifying the crypto maps. Also make sure you have all the elements for a crypto map, or else all hell breaks loose, or should I say no communications through the pix.

I have a text file that unmaps the crypto map then deletes the crypto map then recreate the crypto map with the changes and remaps the crypto map again. This all happens so fast that nothing disconnects. here is an example.

no crypto map vpn-map interface outside

no crypto map vpn-map

crypto map vpn-map 10 ipsec-isakmp

crypto map vpn-map 10 match address (access-list)

crypto map vpn-map 10 set peer xxx.xxx.xxx.xxx

crypto map vpn-map 10 set transform-set 3set

crypto map vpn-map 11 ipsec-isakmp

crypto map vpn-map 11 match address (access-list)

crypto map vpn-map 11 set peer xxx.xxx.xxx.xxx

crypto map vpn-map 11 set transform-set 3set

crypto map vpn-map 18 ipsec-isakmp dynamic remote

crypto map vpn-map interface outside

Hope that helps

0 Helpful

rick.jones
Level 1
Level 1
In response to pdentico

‎02-13-2003 02:14 AM

Thanks for your help I wil give it a try this morning I was going mad so if this fixes my problem I owe you a drink :-)

I will let you know

Thanks

Rick.

0 Helpful

rick.jones
Level 1
Level 1
In response to pdentico

‎02-13-2003 02:15 AM

Thanks for your help I wil give it a try this morning I was going mad so if this fixes my problem I owe you a drink :-)

I will let you know

Thanks

Rick.

0 Helpful

rick.jones
Level 1
Level 1
In response to pdentico

‎02-14-2003 05:38 AM

It worked thank you 4 your help ;-)

I was well stuck thasnk again.

Cheers.

Rick ;-)

0 Helpful
Customers Also Viewed These Support Documents