Cisco PIX 515E multiple VPN question

 
 
Martin
04-02-2008
Hi,

We have two remote sites, that due to their location and cost
constraints, we cannot include in our MPLS model. Both of these sites
are in the same country, and each site has a Cisco PIX515E. Our head
office has a PIX525.

At each site I've set up an IPSEC tunnel back to our head office,
these VPNs come up fine and traffic passes.

The problem I have is getting a VPN set up between the two remote
sites (that is, PIX515E to PIX515E). I've put what I believe to be the
necessary configuration into both firewalls, but the tunnel refuses to
come up.

Are there any special considerations that I should observe to get this
to work on the 515s? Both firewalls have unrestricted VPN peer
licenses, each of the remote networks is using a distinct class C
network (Site1 is 10.10.254.0/24 and Site2 is 10.10.253.0/24) and
access-lists/pre-shared keys and the like are all exact at both ends.

I've seen similar behaviour where a tunnel won't come up in the past
if you try to VPN networks that exist within a route inside statement,
but this isn't the case here.

I'd appreciate any pointers here.

Thanks,

Martin
 
 
 
 
 
Scott Townsend
04-02-2008
The last time my routes didn't come up was because I didn't have my Access
list configured for the tunnel and because my NAT statements got wiped out.

I made sure the No-nat access list and the tunnel Access lists were up to
snuff and the tunnel came up.

Scott<-
"Martin" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> We have two remote sites, that due to their location and cost
> constraints, we cannot include in our MPLS model. Both of these sites
> are in the same country, and each site has a Cisco PIX515E. Our head
> office has a PIX525.
>
> At each site I've set up an IPSEC tunnel back to our head office,
> these VPNs come up fine and traffic passes.
>
> The problem I have is getting a VPN set up between the two remote
> sites (that is, PIX515E to PIX515E). I've put what I believe to be the
> necessary configuration into both firewalls, but the tunnel refuses to
> come up.
>
> Are there any special considerations that I should observe to get this
> to work on the 515s? Both firewalls have unrestricted VPN peer
> licenses, each of the remote networks is using a distinct class C
> network (Site1 is 10.10.254.0/24 and Site2 is 10.10.253.0/24) and
> access-lists/pre-shared keys and the like are all exact at both ends.
>
> I've seen similar behaviour where a tunnel won't come up in the past
> if you try to VPN networks that exist within a route inside statement,
> but this isn't the case here.
>
> I'd appreciate any pointers here.
>
> Thanks,
>
> Martin
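
Added example, not part of the thread: a Python check of the two items the reply names, the tunnel (crypto) access list and the no-NAT access list, run against each firewall's configuration text. The ACL and crypto map names, the head-office network 192.168.0.0/24 and both sample configurations are constructed assumptions; only the two site networks come from the post.

```python
import re
from ipaddress import ip_network

ACL = re.compile(r"access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0 = re.compile(r"nat \(\S+\) 0 access-list (\S+)$")
CMAP = re.compile(r"crypto map \S+ \d+ match address (\S+)$")

def parse(config):
    """Collect ACL entries, the nat 0 ACL name and the crypto-map ACL names."""
    acls, nat0, crypto = {}, None, []
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):
            name, src, smask, dst, dmask = m.groups()
            entry = (ip_network(f"{src}/{smask}"), ip_network(f"{dst}/{dmask}"))
            acls.setdefault(name, []).append(entry)
        elif m := NAT0.match(line):
            nat0 = m.group(1)
        elif m := CMAP.match(line):
            crypto.append(m.group(1))
    return acls, nat0, crypto

def check_side(config, local, remote):
    """Findings for one firewall's view of the local <-> remote tunnel."""
    acls, nat0, crypto = parse(config)
    local, remote = ip_network(local), ip_network(remote)
    findings = []
    if not any((local, remote) in acls.get(name, []) for name in crypto):
        findings.append("no crypto ACL entry local->remote (must mirror the peer)")
    if not any(local.subnet_of(s) and remote.subnet_of(d) for s, d in acls.get(nat0, [])):
        findings.append("nat 0 ACL does not exempt tunnel traffic")
    return findings

# Constructed samples (names and 192.168.0.0/24 are assumptions); the
# head-office tunnel is trimmed down to its nat 0 entry.
SITE1 = """
access-list nonat permit ip 10.10.254.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list to-site2 permit ip 10.10.254.0 255.255.255.0 10.10.253.0 255.255.255.0
nat (inside) 0 access-list nonat
crypto map vpnmap 20 match address to-site2
"""
SITE2 = """
access-list nonat permit ip 10.10.253.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list nonat permit ip 10.10.253.0 255.255.255.0 10.10.254.0 255.255.255.0
access-list to-site1 permit ip 10.10.254.0 255.255.255.0 10.10.253.0 255.255.255.0
nat (inside) 0 access-list nonat
crypto map vpnmap 20 match address to-site1
"""
```

In the constructed samples, SITE1 exempts only head-office traffic from NAT, and SITE2's tunnel ACL is a copy of SITE1's rather than its mirror image, so `check_side` reports one finding for each side.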



 