03-19-2004 02:54 PM
I have a PIX 506e firewall that has a site-to-site VPN to a Sonicwall Pro 330 firewall which works perfectly. I would like to add the functionality of connecting remote users to the PIX network using Cisco's VPN client. I am running into the issue of only having a single crypto map applied to the outside interface. I need the functionality of having the tunnel between the site-to-site VPN able to be initiated from either side so I can't use a dynamic crypto map. Does anyone have any suggestions or knowledge on how to accomplish this?
Thanks.
03-23-2004 07:15 AM
You don't need to add another crypto map to the outside interface. You just add the client information to your existing map, for example:
crypto ipsec transform-set YOURSET esp-3des esp-sha-hmac
crypto map YOURMAP 10 ipsec-isakmp
crypto map YOURMAP 10 match address 100
crypto map YOURMAP 10 set peer x.x.x.x
crypto map YOURMAP 10 set transform-set YOURSET
crypto dynamic-map CLIENTS 10 set transform-set YOURSET
crypto map YOURMAP 90 ipsec-isakmp dynamic CLIENTS
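A check for the layout the answer above describes, added here as an example that is not part of the original thread: a short Python lint that reads PIX-style crypto map lines and reports dynamic entries that sort ahead of static ones, static entries missing a peer, ACL or transform set, and references to undefined dynamic maps. The function name and the ordering rule (dynamic entries carry the highest sequence number so static peers are matched first) are assumptions of this example, not statements from the posts.

```python
import re
from collections import defaultdict

# Constructed sample input: the configuration lines from the answer above.
SAMPLE = """\
crypto ipsec transform-set YOURSET esp-3des esp-sha-hmac
crypto map YOURMAP 10 ipsec-isakmp
crypto map YOURMAP 10 match address 100
crypto map YOURMAP 10 set peer x.x.x.x
crypto map YOURMAP 10 set transform-set YOURSET
crypto dynamic-map CLIENTS 10 set transform-set YOURSET
crypto map YOURMAP 90 ipsec-isakmp dynamic CLIENTS
"""

REQUIRED = {"match address", "set peer", "set transform-set"}

def lint_crypto_maps(config):
    """Return findings for the crypto map entries in a PIX-style config."""
    static = defaultdict(dict)    # map name -> {seq: required settings seen}
    dynamic = defaultdict(dict)   # map name -> {seq: dynamic-map name}
    defined = set()               # dynamic-map names that have a definition
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["crypto", "dynamic-map"] and len(words) > 2:
            defined.add(words[2])
        m = re.match(r"crypto map (\S+) (\d+) (.+)", line.strip())
        if not m:
            continue  # not a numbered crypto map entry
        name, seq, rest = m.group(1), int(m.group(2)), m.group(3)
        if rest.startswith("ipsec-isakmp dynamic "):
            dynamic[name][seq] = rest.split()[2]
        else:
            seen = static[name].setdefault(seq, set())
            seen.update(r for r in REQUIRED if rest.startswith(r))
    findings = []
    for name in sorted(set(static) | set(dynamic)):
        for seq, dyn in sorted(dynamic[name].items()):
            if dyn not in defined:
                findings.append(f"{name} {seq}: dynamic-map {dyn} is not defined")
            later = [s for s in static[name] if s > seq]
            if later:
                findings.append(f"{name} {seq}: dynamic entry precedes static {sorted(later)}")
        for seq, seen in sorted(static[name].items()):
            for missing in sorted(REQUIRED - seen):
                findings.append(f"{name} {seq}: static entry lacks '{missing}'")
    return findings

if __name__ == "__main__":
    print(lint_crypto_maps(SAMPLE) or "no findings")
```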
03-23-2004 08:02 AM
Thank you. This worked perfectly. I do have one more question. Is it possible to set a different ISAKMP policy to each specific crypto map?
03-24-2004 10:41 AM
Good to hear..
Not really. You can, however, set a different one for the Clients by making the policy you want to use for them the first policy.