setting up site-2-site with PIX 506e VPN Wizard

Discussion in 'Cisco' started by cisco, Feb 16, 2007.

  1. cisco

    cisco Guest

    Hi All: looking for an introduction on setting up a site-to-site vpn between
    two PIX 506e using the wizard.

    Pix 1 has inside IF 192.168.0/24
    Pix 2 has inside IF 192.168.1/24

    I want to enable 192.168.0.10 to connect to 192.168.1.15

    I tried to step through the wizard, but am stuck at what to configure for
    the remote IPSec Traffic Selector.

    If I select the inside IF of PIX 2 and enter 192.168.1.15 as the termination
    point, I'm prompted to provide a static route. Am I setting it up correctly
    up to that point? If so, what IP/IF would I want to specify for the route?

    TIA
    cisco, Feb 16, 2007
    #1

  2. cisco

    AM Guest

    cisco wrote:

    > Hi All: looking for an introduction on setting up a site-to-site vpn between
    > two PIX 506e using the wizard.
    >
    > Pix 1 has inside IF 192.168.0/24
    > Pix 2 has inside IF 192.168.1/24
    >
    > I want to enable 192.168.0.10 to connect to 192.168.1.15


    I could suggest that you set up a real LAN-to-LAN VPN based on IP traffic between 192.168.0.0/24 and 192.168.1.0/24.
    Then you can manage which kind of traffic to allow on the tunnel using a traditional ACL list applied on the incoming interface
    (usually "inside") from the starting device.

    This way you don't have to re-build the tunnel each time you need more traffic to pass through it, but just adjust the
    filtering ACL (not the one that defines the interesting traffic of the VPN, or better, the encrypted one).

    HTH Alex
    AM, Feb 16, 2007
    #2

  3. cisco

    cisco Guest

    >> Hi All: looking for an introduction on setting up a site-to-site vpn
    >> between two PIX 506e using the wizard.
    >>
    >> Pix 1 has inside IF 192.168.0/24
    >> Pix 2 has inside IF 192.168.1/24
    >>
    >> I want to enable 192.168.0.10 to connect to 192.168.1.15

    >
    > I could suggest that you set up a real LAN-to-LAN VPN based on IP traffic
    > between 192.168.0.0/24 and 192.168.1.0/24.
    > Then you can manage which kind of traffic to allow on the tunnel using a
    > traditional ACL list applied on the incoming interface (usually "inside") from
    > the starting device.
    >
    > This way you don't have to re-build the tunnel each time you need more
    > traffic to pass through it, but just adjust the filtering ACL (not the one
    > that defines the interesting traffic of the VPN, or better, the encrypted one).


    Thanks, but I'm not sure I understand how a "lan-to-lan" VPN differs from
    what I'm doing? I barely grok the VPN Wizard as it is <g>.

    I also don't understand "rebuilding the tunnel each time you need more
    traffic to pass through"...is the site-to-site VPN restricted in some way?

    Allow me to clarify that this is to allow periodic connections between two
    SQL Servers, although the actual data being transferred is quite modest.

    PIX 1 is on a 10-Mbit line, and PIX 2 is on a 3-Mbit static DSL connection.

    Thanks again for your help!
    cisco, Feb 16, 2007
    #3
  4. cisco

    cisco Guest

    >> Hi All: looking for an introduction on setting up a site-to-site vpn
    >> between two PIX 506e using the wizard.
    >>
    >> Pix 1 has inside IF 192.168.0/24
    >> Pix 2 has inside IF 192.168.1/24
    >>
    >> I want to enable 192.168.0.10 to connect to 192.168.1.15

    >
    > I could suggest that you set up a real LAN-to-LAN VPN based on IP traffic
    > between 192.168.0.0/24 and 192.168.1.0/24.
    > Then you can manage which kind of traffic to allow on the tunnel using a
    > traditional ACL list applied on the incoming interface (usually "inside") from
    > the starting device.
    >
    > This way you don't have to re-build the tunnel each time you need more
    > traffic to pass through it, but just adjust the filtering ACL (not the one
    > that defines the interesting traffic of the VPN, or better, the encrypted one).


    I understand what you're saying, but I still am not clear on the initial
    configuration of the remote site in the wizard.

    I add 192.168.0/24 for the local site (PIX 1), but which IF and IP address
    do I specify for the remote site (PIX 2)?

    192.168.1/24 and the inside IF?
    or
    the public IP and outside IF?
    cisco, Feb 17, 2007
    #4
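
The approach suggested in reply #2, written out as a PIX 6.x CLI sketch for PIX 1. This is an added example, not configuration posted by anyone in the thread. The peer address 198.51.100.2, the ACL, transform-set and crypto map names, the pre-shared key placeholder and the use of TCP 1433 (the SQL Server default port) are assumptions.

```cisco
: --- PIX 1 (inside 192.168.0.0/24); PIX 2 mirrors this with the networks swapped ---
: Crypto ACL: the "interesting traffic" that gets encrypted.
: The remote side is PIX 2's INSIDE network, not its public address.
access-list VPN-TO-PIX2 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0

: Do not NAT traffic that is going into the tunnel.
nat (inside) 0 access-list VPN-TO-PIX2

: Phase 1 (IKE). The peer is PIX 2's OUTSIDE (public) address.
: 198.51.100.2 is a constructed documentation address.
isakmp enable outside
isakmp identity address
isakmp key <PRESHARED-KEY> address 198.51.100.2 netmask 255.255.255.255
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

: Phase 2 (IPSec), bound to the outside interface.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map OUTSIDE-MAP 20 ipsec-isakmp
crypto map OUTSIDE-MAP 20 match address VPN-TO-PIX2
crypto map OUTSIDE-MAP 20 set peer 198.51.100.2
crypto map OUTSIDE-MAP 20 set transform-set ESP-3DES-SHA
crypto map OUTSIDE-MAP interface outside

: Decrypted tunnel traffic bypasses the outside interface ACL with this set,
: so the restriction has to live in the inside filtering ACL below.
sysopt connection permit-ipsec

: Filtering ACL on the inside interface: only the one SQL Server flow may
: enter the tunnel; everything else bound for the remote LAN is dropped.
access-list INSIDE-OUT permit tcp host 192.168.0.10 host 192.168.1.15 eq 1433
access-list INSIDE-OUT deny ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list INSIDE-OUT permit ip any any
access-group INSIDE-OUT in interface inside
```

Allowing another host or port later means adding a `permit` line to `INSIDE-OUT` ahead of the `deny`; the crypto ACL and the tunnel stay unchanged.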