Cisco Support Community
New Member

multiple ipsec tunnels on PIX 515

We have a PIX 515 with 5 interfaces in it. I have 2 different ISPs connected to 2 different interfaces on the PIX. I want to create 2 different ipsec tunnels from our office in Toronto. Toronto has 2 different ISPs in their router. How can I create 2 different ipsec tunnels onto different interfaces on a PIX 515?

5 REPLIES
Hall of Fame Super Blue

Re: multiple ipsec tunnels on PIX 515

Hi

I haven't done this exact configuration, but as the crypto map is applied to the interface, I can't see why you cannot create 2 separate crypto maps and apply them to the different interfaces.

HTH

Jon

New Member

Re: multiple ipsec tunnels on PIX 515

Can I create 2 VPN tunnels coming from the same network on 2 different ISPs?

New Member

Re: multiple ipsec tunnels on PIX 515

Hi,

Yes, you can, as far as the other end is trying to connect to two different IPs on the PIX, which are assigned from the ISPs.

regards

Hall of Fame Super Blue

Re: multiple ipsec tunnels on PIX 515

Hi

Well, as the previous poster said, yes, you can create 2 VPN tunnels, as the peer endpoints will be different. But if the remote and local subnets are the same, how will the Toronto office know which VPN tunnel to use? It will probably use the first one configured in your crypto map and the second one will be left unused.

If your remote and local networks are different for each VPN tunnel there wouldn't be an issue.

Are you trying to achieve redundancy or load balancing? If you are trying to achieve redundancy you could just set both ISP addresses on the PIX under your router config:

set peer "ISP1 address of pix"

set peer "ISP2 address of pix"

HTH

Jon
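
Added example, not part of the original thread or any poster's configuration: a sketch of the redundancy layout Jon describes for the Toronto router, with both PIX addresses listed as peers under a single crypto map entry. The addresses are documentation placeholders, and the map, transform-set and ACL names, the subnets, the interface and the keepalive timers are all assumptions; an ISAKMP policy matching the PIX is assumed to exist already.

```cisco
! Toronto router (IOS) - constructed example, not from the thread.
! 203.0.113.10  = placeholder for the PIX address on ISP1
! 198.51.100.10 = placeholder for the PIX address on ISP2
! TORONTO_TO_PIX, PIX_SET, PIX_TRAFFIC and the subnets are hypothetical.

! One pre-shared key entry per PIX address, since either may be the peer.
crypto isakmp key <pre-shared-key> address 203.0.113.10
crypto isakmp key <pre-shared-key> address 198.51.100.10

! Dead peer detection, so the router notices when the current peer
! stops answering and can move on to the next peer in the list.
crypto isakmp keepalive 10 3
!
! Must match the transform set configured on the PIX.
crypto ipsec transform-set PIX_SET esp-aes 256 esp-sha-hmac
!
! Interesting traffic: Toronto LAN -> PIX-side LAN (assumed subnets).
ip access-list extended PIX_TRAFFIC
 permit ip 10.20.0.0 0.0.255.255 10.10.0.0 0.0.255.255
!
! A single entry with two peers: the router tries them in the order
! listed, so the second address is only used if the first fails.
crypto map TORONTO_TO_PIX 10 ipsec-isakmp
 set peer 203.0.113.10
 set peer 198.51.100.10
 set transform-set PIX_SET
 match address PIX_TRAFFIC
!
! An interface takes only one crypto map, so both peers live in the
! same map rather than in two separately named maps.
interface FastEthernet0/0
 crypto map TORONTO_TO_PIX
```

On the PIX side, the matching crypto map has to be applied to both ISP-facing interfaces, with ISAKMP enabled on each, for either peer address to answer.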

New Member

Re: multiple ipsec tunnels on PIX 515

Hi,

I have it configured like this - is this wrong for redundancy?

crypto map BACKUP_VPN_TUNNEL 20 ipsec-isakmp

set peer "ISP2 address of pix"

set transform-set MONTREAL_BACKUP

match address MONTREAL_BACKUP_TUNNEL

!

crypto map PRIMARY_VPN_TUNNEL 10 ipsec-isakmp

set peer "ISP1 address of pix"

set transform-set MONTREAL_PRIMARY

match address MONTREAL_PRIMARY_TUNNEL

Pete
