Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Site-to Site and Easy VPN on PIX

I have a customer whom uses their Pix 515E for a Site to Site tunnel to a remote branch. All works well for the tunnel to the remote branch.

I have now also configured the PIX so that it can take incoming tunnel requests from a few mobile users using the Cisco VPN client.

What I am noticing is that each time that I apply one or the other crypto map to the outside interface; it negates the other crypto map being applied to the outside interface.

I am posting the config for inspection (attachment)if anyone would be gracious enough to take a quick look and let me know where my configuration errors are.

I need to support both the Site to Site tunnel as well as the ability for the PIX to handle the VPN clients.

Thank You.


Re: Site-to Site and Easy VPN on PIX

pix only allows one crypto map on an interface. having said that, the scenario you've got can be resolved by create multiple instances under one crypto map.


crypto ipsec transform-set vpnset esp-3des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set vpnset

crypto map myvpn 10 ipsec-isakmp dynamic dynmap

crypto map myvpn 20 ipsec-isakmp

crypto map myvpn 20 match address 110

crypto map myvpn 20 set peer

crypto map myvpn 20 set transform-set vpnset

as the sample shown, both dynamic and static vpn are included in crypto map myvpn, and distinuished by different numbers.

New Member

Re: Site-to Site and Easy VPN on PIX

Thanks. I have configured the PIX and will test tomorrow.