Cisco PIX 515E multiple VPN question

Discussion in 'Cisco' started by Martin, Apr 2, 2008.

  1. Martin

    Martin Guest

    Hi,

    We have two remote sites, that due to their location and cost
    constraints, we cannot include in our MPLS model. Both of these sites
    are in the same country, and each site has a Cisco PIX515E. Our head
    office has a PIX525.

    At each site I've set up an IPSEC tunnel back to our head office,
    these VPNs come up fine and traffic passes.

    The problem I have is getting a VPN set up between the two remote
    sites (that is, PIX515E to PIX515E). I've put what I believe to be the
    necessary configuration into both firewalls, but the tunnel refuses to
    come up.

    Are there any special considerations that I should observe to get this
    to work on the 515s? Both firewalls have unrestricted VPN peer
    licenses, each of the remote networks is using a distinct class C
    network (Site1 is 10.10.254.0/24 and Site2 is 10.10.253.0/24) and
    access-lists/pre-shared keys and the like are all exact at both ends.

    I've seen similar behaviour where a tunnel won't come up in the past
    if you try to VPN networks that exist within a route inside statement,
    but this isn't the case here.

    I'd appreciate any pointers here.

    Thanks,

    Martin
     
    Martin, Apr 2, 2008
    #1

  2. The last time my routes didn't come up was because I didn't have my Access
    list configured for the tunnel and that my NAT statements got wiped out.

    I made sure the No-nat access list and the tunnel Access lists were up to
    snuff and the tunnel came up.

    Scott<-
    "Martin" <> wrote in message
    news:...
    > Hi,
    >
    > We have two remote sites, that due to their location and cost
    > constraints, we cannot include in our MPLS model. Both of these sites
    > are in the same country, and each site has a Cisco PIX515E. Our head
    > office has a PIX525.
    >
    > At each site I've set up an IPSEC tunnel back to our head office,
    > these VPNs come up fine and traffic passes.
    >
    > The problem I have is getting a VPN set up between the two remote
    > sites (that is, PIX515E to PIX515E). I've put what I believe to be the
    > necessary configuration into both firewalls, but the tunnel refuses to
    > come up.
    >
    > Are there any special considerations that I should observe to get this
    > to work on the 515s? Both firewalls have unrestricted VPN peer
    > licenses, each of the remote networks is using a distinct class C
    > network (Site1 is 10.10.254.0/24 and Site2 is 10.10.253.0/24) and
    > access-lists/pre-shared keys and the like are all exact at both ends.
    >
    > I've seen similar behaviour where a tunnel won't come up in the past
    > if you try to VPN networks that exist within a route inside statement,
    > but this isn't the case here.
    >
    > I'd appreciate any pointers here.
    >
    > Thanks,
    >
    > Martin
     
    Scott Townsend, Apr 2, 2008
    #2
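The two checks Scott describes (the no-NAT access list and the tunnel access lists), as an added example that is not part of either post: a small Python checker run over constructed PIX 6.x-style config excerpts for the two sites. The ACL names (`nonat`, `to_site1`, `to_site2`), the crypto map name and the sample configs are assumptions; only the two /24 networks come from the thread, and matching is exact (no `host`/`any` keywords or supernets).

```python
import re

ACL = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0 = re.compile(r"^nat \(inside\) 0 access-list (\S+)$")
MATCH = re.compile(r"^crypto map \S+ \d+ match address (\S+)$")

def parse(config):
    """Return (acls, nat0_acl_name, crypto_acl_names) from PIX 6.x-style text."""
    acls, nat0, crypto = {}, None, []
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, set()).add(((src, smask), (dst, dmask)))
        elif m := NAT0.match(line):
            nat0 = m.group(1)
        elif m := MATCH.match(line):
            crypto.append(m.group(1))
    return acls, nat0, crypto

def check_pair(local_cfg, peer_cfg):
    """List no-NAT and tunnel-ACL problems on the local side of a LAN-to-LAN pair."""
    problems = []
    l_acls, l_nat0, l_crypto = parse(local_cfg)
    p_acls, _, p_crypto = parse(peer_cfg)
    peer_entries = set().union(*(p_acls.get(n, set()) for n in p_crypto))
    for name in l_crypto:
        entries = l_acls.get(name)
        if not entries:
            problems.append(f"crypto ACL {name} is referenced but has no entries")
            continue
        for src, dst in sorted(entries):
            if (src, dst) not in l_acls.get(l_nat0, set()):
                problems.append(f"{src[0]} -> {dst[0]} is not exempt from NAT")
            if (dst, src) not in peer_entries:
                problems.append(f"{src[0]} -> {dst[0]} has no mirror entry on the peer")
    return problems

# Constructed sample configs (not taken from the thread).
SITE1 = """
access-list nonat permit ip 10.10.254.0 255.255.255.0 10.10.253.0 255.255.255.0
nat (inside) 0 access-list nonat
access-list to_site2 permit ip 10.10.254.0 255.255.255.0 10.10.253.0 255.255.255.0
crypto map vpnmap 20 match address to_site2
"""
SITE2_WIPED = """
access-list to_site1 permit ip 10.10.253.0 255.255.255.0 10.10.254.0 255.255.255.0
crypto map vpnmap 20 match address to_site1
"""  # the nat 0 lines are missing here, as if they had been wiped out

print(check_pair(SITE2_WIPED, SITE1))
```

Run it in both directions: a missing NAT exemption only shows up when the affected firewall is passed as the local side.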