At a loss

Discussion in 'Cisco' started by morgan.ian@gmail.com, Oct 5, 2005.

  1. Guest

    Hello,

    I have an existing static pix to pix vpn between the UK and France and
    need now to add a dynamic vpn between the UK and Spain. The static vpn
    works great but I cannot get a dynamic vpn up and running. The problem
    I've got is that Spain's ISP router is the dhcp server for the pix, so
    Spain's pix has not got a public ip address. I've included the configs
    (the important bits anyway) for somebody to cast their beady eye over.
    Any help would be greatly appreciated.

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
    UK PIX:

    PIX Version 6.3(3)

    access-list NO-NAT permit ip 10.1.1.0 255.255.255.0 10.1.3.0 255.255.255.0
    access-list NO-NAT permit ip 10.1.1.0 255.255.255.0 10.1.4.0 255.255.255.0
    access-list SPAIN permit ip 10.1.1.0 255.255.255.0 10.1.4.0 255.255.255.0
    access-list FRANCE permit ip 10.1.1.0 255.255.255.0 10.1.3.0 255.255.255.0

    ip address outside xx.xx.xx.xx xx.xx.xx.xx
    ip address inside 10.1.1.16 255.255.255.0

    global (outside) 1 interface

    nat (inside) 0 access-list NO-NAT
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0

    route outside 0.0.0.0 0.0.0.0 UK_ISP_ROUTER 1

    floodguard enable

    sysopt connection permit-ipsec
    crypto ipsec transform-set aptset esp-3des esp-md5-hmac
    crypto dynamic-map mydyn 20 set transform-set aptset
    crypto map aptmap 10 ipsec-isakmp
    crypto map aptmap 10 match address FRANCE
    crypto map aptmap 10 set peer 84.96.22.140
    crypto map aptmap 10 set transform-set aptset
    crypto map aptmap 20 ipsec-isakmp dynamic mydyn
    crypto map aptmap interface outside

    isakmp enable outside
    isakmp key ******** address xx.xx.xx.xx netmask 255.255.255.255 no-xauth
    isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 no-xauth
    isakmp nat-traversal 20
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption 3des
    isakmp policy 10 hash md5
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400

    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption 3des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
    SPAIN PIX:

    PIX Version 6.3(3)

    access-list UK permit ip 10.1.4.0 255.255.255.0 10.1.1.0 255.255.255.0
    access-list NO-NAT permit ip 10.1.4.0 255.255.255.0 10.1.1.0 255.255.255.0

    ip address outside dhcp <--------------------- this picks up an ip
    address from the ISP router's dhcp (100.1.4.6-100.1.4.10). The ISP
    router's inside address is 100.1.4.1
    ip address inside 10.1.4.10 255.255.255.0

    global (outside) 1 interface

    nat (inside) 0 access-list NO-NAT
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0

    route outside 0.0.0.0 0.0.0.0 SPAIN_ISP_ROUTER 1

    floodguard enable

    sysopt connection permit-ipsec
    crypto ipsec transform-set aptset esp-3des esp-md5-hmac
    crypto map aptmap 10 ipsec-isakmp
    crypto map aptmap 10 match address UK
    crypto map aptmap 10 set peer UK_PIX
    crypto map aptmap 10 set transform-set aptset
    crypto map aptmap interface outside

    isakmp enable outside
    isakmp key ******** address UK_PIX netmask xx.xx.xx.xx no-xauth
    isakmp nat-traversal 20
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption 3des
    isakmp policy 10 hash md5
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400