Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Pix 515 2 ipsec tunnels

Reply
Thread Tools

Pix 515 2 ipsec tunnels

 
 
chackamakka
Guest
Posts: n/a
 
      09-10-2004
Dear,

I have to configure a pix 515 with 2 ipsec tunnels.

Tunnel 1 to ip 194.39.121.125 with crypto map lifetime 7200 sec
4608000 kb
isakmp pre-share, 3des, md5, df group 2, lifetime 86400

Tunnel 2 to ip 194.172.90.194 with crypto map lifetime 3600
isakmp pre-share, 3des, sha, df group 2, lifetime 86400

Is this configuration correct? If not what does it have to be?

crypto ipsec transform-set secure_OSS-set esp-3des esp-md5-hmac
crypto ipsec transform-set schenker-pab-set esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600
crypto map secure_OSS-map 10 ipsec-isakmp
crypto map secure_OSS-map 10 match address secure_OSS
crypto map secure_OSS-map 10 set peer 194.39.121.125
crypto map secure_OSS-map 10 set transform-set secure_OSS-set
crypto map secure_OSS-map 10 set security-association lifetime seconds
7200 kilobytes 4608000
crypto map schenker-pab-map 20 ipsec-isakmp
crypto map schenker-pab-map 20 match address schenker-pab
crypto map schenker-pab-map 20 set peer 194.172.90.194
crypto map schenker-pab-map 20 set transform-set schenker-pab-set
crypto map schenker-pab-map 20 set security-association lifetime
seconds 3600
crypto map schenker-pab-map interface outside
isakmp enable outside
isakmp key ******** address 194.39.121.125 netmask 255.255.255.255
isakmp key ******** address 194.172.90.194 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

Can anyone help, this is all kind of new to me.

Thanks already

gr,
Philippe Meskens
 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      09-10-2004
In article <(E-Mail Removed) >,
chackamakka <(E-Mail Removed)> wrote:
:I have to configure a pix 515 with 2 ipsec tunnels.

:Is this configuration correct? If not what does it have to be?

:crypto map secure_OSS-map 10 ipsec-isakmp

:crypto map schenker-pab-map 20 ipsec-isakmp

No, if you want multiple IPSec tunnels to terminate on the same
interface, then they must all use the same crypto-map name (with
different policy numbers.) You can only have one crypto-map name
active at a time on a [logical] interface.
--
Warhol's Law: every Usenet user is entitled to his or her very own
fifteen minutes of flame -- The Squoire

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Number of IKE Tunnels and IPSec Tunnels philbo30 Cisco 1 04-12-2007 02:16 AM
Tunnels accesing other tunnels on concentrator ljorg Cisco 0 11-22-2006 01:43 PM
PIX 515 to PIX 515 via Internet & IPSec, should I get a VAC? Scott Townsend Cisco 8 02-22-2006 09:59 PM
pix 515 2 ipsec tunnels chackamakka Cisco 1 09-15-2004 02:43 PM
Bandwidth usage on PIX to PIX ipsec vpn tunnels Paul McLaren Cisco 3 07-17-2003 09:58 PM



Advertisments