Cisco Support Community
New Member

vpn with multiple hops away from PIX

scenario

net A--3routers--PIX A---vpn---PIX B--net B

The 3 routers are configured statically.

VPNs are terminated at both PIXes.

Is it possible to reach network A from network B through VPN?

What additional config do I need on the PIX A?

Thanks a lot.

7 REPLIES

Re: vpn with multiple hops away from PIX

Assuming netA is located behind an inside interface .. it is possible but you need to make sure routing between netA is reachable from the respective interface .. also you need to identify what source IP address comes as when you try pinging the PIX from netA .. the routers in between might be performing NAT in which case your access list for the interesting traffic ( IPsec ) needs to be checked accordingly

New Member

Re: vpn with multiple hops away from PIX

I could reach net A from the PIX. The 3 routers don't do natting. They have been configured statically to reach each other.

I have the following access list and crypto on the PIX A

I am not including the IKE config as I am sure they are working.

NOTE that VPN is working fine bidirectionally between the two inside networks of the PIXes.

access-list 100 permit ip net A net B

access-list 110 permit ip net A net B

nat (inside) 0 access-list 100

crypto map mymap 10 ipsec-isakmp

crypto map mymap 10 match address 110

crypto map mymap 10 set peer remoteIP

crypto map mymap 10 set transform-set myset

Re: vpn with multiple hops away from PIX

Hello,

That configuration looks appropriate but it might help if you posted a scrubbed configuration. There might be something else that you're missing.

Patrick

New Member

Re: vpn with multiple hops away from PIX

Ok..I am attaching the rough config.

Re: vpn with multiple hops away from PIX

Assuming the same interesting traffic is also configured on PIX B .. then it seems OK. However, when you initiate a ping from NetA towards network B, are you able to see any packets actually hitting the firewall PIXA ... could it be a routing issue you are experiencing here !!

New Member

Re: vpn with multiple hops away from PIX

Yes, I could see the ACL being hit.. note that VPN between net_B and network_X is working fine.. I could even ping rtr_B from net_B

New Member

Re: vpn with multiple hops away from PIX

I rebooted the firewall and it works... thanks a lot
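The three checks the replies in this thread ask for (mirrored interesting-traffic ACL on the peer, NAT exemption covering the crypto ACL, and an inside route to the multi-hop network) can be run offline against both configs. This is an added example, not code from any poster; the addresses, the `route inside` line, and the `parse`/`check` helper names are constructed for illustration, and the parser handles only the simple `permit ip <net> <mask> <net> <mask>` form used in the thread.

```python
import ipaddress
# Constructed sample configs: 10.1.0.0/16 stands in for net A, 10.2.0.0/16 for net B.
PIX_A = """\
access-list 100 permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list 110 permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
nat (inside) 0 access-list 100
route inside 10.1.0.0 255.255.0.0 192.168.1.2 1
crypto map mymap 10 match address 110
"""
PIX_B = """\
access-list 100 permit ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list 110 permit ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
nat (inside) 0 access-list 100
crypto map mymap 10 match address 110
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse(cfg):
    """Collect ACL (src, dst) pairs, crypto and nat-0 ACL names, inside routes."""
    out = {"acl": {}, "crypto": None, "nat0": None, "routes": []}
    for line in cfg.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"] and len(t) == 8:
            out["acl"].setdefault(t[1], []).append((net(t[4], t[5]), net(t[6], t[7])))
        elif t[:2] == ["nat", "(inside)"] and t[2:4] == ["0", "access-list"]:
            out["nat0"] = t[4]
        elif t[:2] == ["route", "inside"]:
            out["routes"].append(net(t[2], t[3]))
        elif t[:2] == ["crypto", "map"] and t[4:6] == ["match", "address"]:
            out["crypto"] = t[6]
    return out

def check(local_cfg, peer_cfg, directly_connected=()):
    """Return findings for the local PIX; an empty list means consistent."""
    a, b, findings = parse(local_cfg), parse(peer_cfg), []
    nat0 = a["acl"].get(a["nat0"], [])
    peer = b["acl"].get(b["crypto"], [])
    reachable = [*a["routes"], *map(ipaddress.ip_network, directly_connected)]
    for src, dst in a["acl"].get(a["crypto"], []):
        if (dst, src) not in peer:
            findings.append(f"peer crypto ACL lacks mirror of {src} -> {dst}")
        if not any(src.subnet_of(s) and dst.subnet_of(d) for s, d in nat0):
            findings.append(f"nat 0 ACL does not exempt {src} -> {dst}")
        if not any(src.subnet_of(r) for r in reachable):
            findings.append(f"no inside route for {src}")
    return findings
```

Pass the locally attached inside subnet in `directly_connected` for a PIX whose protected network is not behind further routers, as with PIX B here.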
