FWSM 3.1(1) and Site-to-site VPN

Discussion in 'Cisco' started by Hoffa, Sep 14, 2006.

  1. Hoffa

    Hoffa Guest

    Is this feature enabled in FWSM? I've been trying to get this working
    for some days now and get no results at all. I'm not even getting any
    results from the debug crypto commands.

    Regards
    Fredrik Hofgren
    Hoffa, Sep 14, 2006
    #1

  2. Hi Fredrik,

    The FWSM can connect to another VPN concentrator, such as a Cisco PIX
    firewall or a Cisco IOS router, using a site-to-site tunnel.

    You specify the peer networks that can communicate over the tunnel.

    In the case of the FWSM, the only address available on the FWSM end of
    the tunnel is the interface itself.

    Allowing a VPN Management Connection

    http://www.cisco.com/en/US/products..._guide_chapter09186a00802010bb.html#wp1143031

    Hope this helps.

    Brad Reese
    BradReese.Com - Cisco Salary and Compensation Rates
    http://www.bradreese.com/compensation-database.htm
    1293 Hendersonville Road, Suite 17
    Asheville, North Carolina USA 28803
    USA & Canada: 877-549-2680
    International: 828-277-7272
    Fax: 775-254-3558
    AIM: R2MGrant
    BradReese.Com - Cisco Job Databases
    http://www.bradreese.com/cisco-job-databases.htm
    www.BradReese.Com, Sep 14, 2006
    #2

  3. Hoffa wrote:
    >Is this feature enabled in FWSM? I've been trying to get this working
    >for some days now and get no results at all. I'm not even getting any
    >results from the debug crypto commands.


    Brad indicated in his reply that a "management VPN" could be set up.
    I don't know if that is the case; if it is, then it would only
    be useful for connecting to the FWSM to manage it (e.g., talk to
    the CLI, or ping the management interface). "management" VPNs
    use the other kind of IPSec connection -- a kind in which the
    specifications say firmly that the VPN must only be used between
    endpoints and never ever used to pass packets -beyond- the security
    gateway.

    For the regular kind of IPSec tunnel, that allows LAN to LAN connections,
    the answer is NO. The FWSM was deliberately restricted to security,
    and you need the VPNSM (VPN Services Module) for VPN services.
    Walter Roberson, Sep 14, 2006
    #3
