Pix 515 2 ipsec tunnels

Discussion in 'Cisco' started by chackamakka, Sep 10, 2004.

  1. chackamakka

    chackamakka Guest

    Dear,

    I have to configure a pix 515 with 2 ipsec tunnels.

    Tunnel 1 to ip 194.39.121.125 with crypto map lifetime 7200 sec
    4608000 kb
    isakmp pre-share, 3des, md5, df group 2, lifetime 86400

    Tunnel 2 to ip 194.172.90.194 with crypto map lifetime 3600
    isakmp pre-share, 3des, sha, df group 2, lifetime 86400

    Is this configuration correct? If not what does it have to be?

    crypto ipsec transform-set secure_OSS-set esp-3des esp-md5-hmac
    crypto ipsec transform-set schenker-pab-set esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 3600
    crypto map secure_OSS-map 10 ipsec-isakmp
    crypto map secure_OSS-map 10 match address secure_OSS
    crypto map secure_OSS-map 10 set peer 194.39.121.125
    crypto map secure_OSS-map 10 set transform-set secure_OSS-set
    crypto map secure_OSS-map 10 set security-association lifetime seconds
    7200 kilobytes 4608000
    crypto map schenker-pab-map 20 ipsec-isakmp
    crypto map schenker-pab-map 20 match address schenker-pab
    crypto map schenker-pab-map 20 set peer 194.172.90.194
    crypto map schenker-pab-map 20 set transform-set schenker-pab-set
    crypto map schenker-pab-map 20 set security-association lifetime
    seconds 3600
    crypto map schenker-pab-map interface outside
    isakmp enable outside
    isakmp key ******** address 194.39.121.125 netmask 255.255.255.255
    isakmp key ******** address 194.172.90.194 netmask 255.255.255.255
    isakmp identity address
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption 3des
    isakmp policy 10 hash md5
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption 3des
    isakmp policy 20 hash sha
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400

    Can anyone help, this is all kind of new to me.

    Thanks already

    gr,
    Philippe Meskens
    chackamakka, Sep 10, 2004
    #1
    1. Advertising

  2. In article <>,
    chackamakka <> wrote:
    :I have to configure a pix 515 with 2 ipsec tunnels.

    :Is this configuration correct? If not what does it have to be?

    :crypto map secure_OSS-map 10 ipsec-isakmp

    :crypto map schenker-pab-map 20 ipsec-isakmp

    No, if you want multiple IPSec tunnels to terminate on the same
    interface, then they must all use the same crypto-map name (with
    different policy numbers.) You can only have one crypto-map name
    active at a time on a [logical] interface.
    --
    Warhol's Law: every Usenet user is entitled to his or her very own
    fifteen minutes of flame -- The Squoire
    Walter Roberson, Sep 10, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Paul McLaren
    Replies:
    3
    Views:
    3,734
    Paul McLaren
    Jul 17, 2003
  2. chackamakka

    pix 515 2 ipsec tunnels

    chackamakka, Sep 14, 2004, in forum: Cisco
    Replies:
    1
    Views:
    587
    mcaissie
    Sep 15, 2004
  3. Scott Townsend
    Replies:
    8
    Views:
    688
    Roman Nakhmanson
    Feb 22, 2006
  4. ljorg
    Replies:
    0
    Views:
    484
    ljorg
    Nov 22, 2006
  5. philbo30
    Replies:
    1
    Views:
    653
    Walter Roberson
    Apr 12, 2007
Loading...

Share This Page