Cisco Support Community

Cisco PIX VPN site-to-site same Public Subnet

Hello,

I am trying to create a VPN between a Cisco PIX and a Checkpoint firewall, both in the same external subnet:-

PIX Outside 172.20.30.1/25

Checkpoint Outside 172.20.30.2/25

This fails with:-

crypto_isakmp_process_block:src:172.20.30.1, dest:172.20.30.2 spt:500 dpt:500

ISAKMP: phase 2 packet is a duplicate of a previous packet

I guess this is possible to do, as I want to encrypt traffic from 2 directly connected customers so as to protect both environments.

Any help would be much appreciated.

Kind Regards

Steven

4 REPLIES

Re: Cisco PIX VPN site-to-site same Public Subnet

If you do a search on Cisco for "checkpoint VPN" you will get some hits. Also make sure the firewall has sysopt permit ipsec.

Re: Cisco PIX VPN site-to-site same Public Subnet

Thank you for the info.

My main question is: should the VPN work with both public interfaces in the same subnet?

Cheers

Steven

Re: Cisco PIX VPN site-to-site same Public Subnet

Sorry, yes you should be able to do that.

Re: Cisco PIX VPN site-to-site same Public Subnet

Hello,

Thank you, I have managed to sort the Phase 2 issue:-

crypto map rtprules 10 set security-association lifetime seconds 3600 kilobytes 4608000

Fixed the problem.

Kind Regards

Steven
