Re: crypto map on PIX versus router

janousek · ‎02-09-2007

Hi all,

i am looking for eqvivalent of IOS command:

crypto map xxx local-address Loopback0

Is it possible to link crypto map with other IP address as real interface address on PIX?

Thank you in advance.

Richard Burts · ‎02-09-2007

Milan

I believe that the closest command would be:

crypto isakmp enable interface-name

When you associate isakmp with the interface, that determines what the PIX will use as a source address. Since the PIX does not operate with the concept of multiple output interfaces that can get to the same destination, as the IOS does, it does not need a command like local-address which changes the default association of outbound interface as the source address for VPN traffic.

I am not clear what you are attempting to accomplish. Perhaps if we understood this we could find an alternative that would help you.

HTH

Rick

HTH

Rick

janousek · ‎02-11-2007

Hi Rick,

now we have two gateways in our company. One is used for VPN traffic, x.x.x.254 and second is used for normal traffic.

Now we want to unified these gateways to one PIX ... and i am looking for simplest way.

For us, the simplest way is to use crypto map on PIX with IP address x.x.x.254 but with ip address of physical interface x.x.x.y.

Now i know, that it is not possible to do it on PIX ... so i am looking for another solutions.

Problem is, that we have our bussines partners, that know our actual IP ... and have firewalls opened for that IP :)

I think that best solution will be NATing traffic to these customers to old IP.

Thanks for your info.