Adding site-to-site VPNs to existing PIXs -- PDM?

Discussion in 'Cisco' started by Chris, Jul 24, 2006.

  1. Chris

    Chris Guest

    I've inherited a PIX 501 at a central office, which has site-to-site
    VPNs to around a half dozen remote offices. Now, I need to add another
    remote office; so I need to configure both the remote 501 from scratch
    as well as adding another VPN to the existing central office 501.

    I hurriedly tried getting a site-to-site VPN set up with the CLI on the
    PIXes, but for whatever reason it failed. Anyhow, I am in a hurry
    (again) and have wondered if using PDM would be a reasonable way to
    accomplish this. Can I just log into PDM on both central & remote
    offices, enter pretty much the same information (except for peer IPs,
    etc) and expect it to work? Or is PDM a little on the flaky side?

    Thanks,


    Chris
     
    Chris, Jul 24, 2006
    #1
    1. Advertisements

  2. Hi Chris,

    You may find Cisco's Troubleshooting PIX Device Manager helpful:

    http://www.cisco.com/en/US/partner/...2030/products_tech_note09186a0080094ac1.shtml

    Sincerely,

    Brad Reese
    BradReese.Com - Refurbished Cisco PIX Firewall Guide
    http://www.bradreese.com/refurbished-cisco-pix-firewalls.htm
    1293 Hendersonville Road, Suite 17
    Asheville, North Carolina USA 28803
    USA & Canada: 877-549-2680
    International: 828-277-7272
    Fax: 775-254-3558
    AIM: R2MGrant
    BradReese.Com - Cisco Jobs
    http://www.bradreese.com/hot-jobs.htm
     
    www.BradReese.Com, Jul 24, 2006
    #2
    1. Advertisements

  3. www.BradReese.Com, Jul 24, 2006
    #3
  4. Chris

    Blake

    Joined:
    Jul 19, 2006
    Messages:
    5
    Likes Received:
    0
    Should be easy to troubleshoot with CLI, the biggest problem i find with site-to-site is that the isakmp keys dont match on both sides. I try to stay clear of the PDM when at all possible, just seems very hard to learn anything from using that GUI.

    Did you make sure to use sysopt connection permit-ipsec? I really enjoy troubleshooting this type of stuff is why i ask
     
    Blake, Jul 24, 2006
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.