10-26-2005 02:06 PM - edited 02-21-2020 02:04 PM
I have a customer who uses their PIX 515E for a Site to Site tunnel to a remote branch. All works well for the tunnel to the remote branch.
I have now also configured the PIX so that it can take incoming tunnel requests from a few mobile users using the Cisco VPN client.
What I am noticing is that each time I apply one or the other crypto map to the outside interface, it negates the other crypto map being applied to the outside interface.
I am posting the config for inspection (attachment) if anyone would be gracious enough to take a quick look and let me know where my configuration errors are.
I need to support both the Site to Site tunnel as well as the ability for the PIX to handle the VPN clients.
Thank You.
10-26-2005 06:59 PM
PIX only allows one crypto map on an interface. Having said that, the scenario you've got can be resolved by creating multiple instances under one crypto map.
e.g.
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map myvpn 10 ipsec-isakmp dynamic dynmap
crypto map myvpn 20 ipsec-isakmp
crypto map myvpn 20 match address 110
crypto map myvpn 20 set peer
crypto map myvpn 20 set transform-set vpnset
As the sample shows, both dynamic and static VPNs are included in crypto map myvpn, and distinguished by different numbers.
10-27-2005 12:09 PM
Thanks. I have configured the PIX and will test tomorrow.