Adding site-to-site VPNs to existing PIXs -- PDM?

Discussion in 'Cisco' started by Chris, Jul 24, 2006.

  1. Chris

    Chris Guest

    I've inherited a PIX 501 at a central office, which has site-to-site
    VPNs to around a half dozen remote offices. Now, I need to add another
    remote office; so I need to configure both the remote 501 from scratch
    as well as adding another VPN to the existing central office 501.

    I hurriedly tried getting a site-to-site VPN set up with the CLI on the
    PIXes, but for whatever reason it failed. Anyhow, I am in a hurry
    (again) and have wondered if using PDM would be a reasonable way to
    accomplish this. Can I just log into PDM on both central & remote
    offices, enter pretty much the same information (except for peer IPs,
    etc.) and expect it to work? Or is PDM a little on the flaky side?


    Chris, Jul 24, 2006
  2. Hi Chris,

    You may find Cisco's Troubleshooting PIX Device Manager helpful:


    Brad Reese
    www.BradReese.Com, Jul 24, 2006
  4. Chris

    Should be easy to troubleshoot with CLI. The biggest problem I find with site-to-site is that the isakmp keys don't match on both sides. I try to stay clear of the PDM when at all possible; it just seems very hard to learn anything from using that GUI.

    Did you make sure to use sysopt connection permit-ipsec? I really enjoy troubleshooting this type of stuff, which is why I ask.
    Blake, Jul 24, 2006
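
The two checks raised in the reply above (matching isakmp keys and `sysopt connection permit-ipsec` on both ends) can be run offline against the command text for each PIX before it is pasted in. This is an added example, not code from the thread or from Cisco; the configs, addresses and keys are constructed, and `summarize` and `check_tunnel` are hypothetical helper names. It assumes the keys are available as entered, since the PIX masks them in displayed configuration.

```python
import re

# Constructed PIX 6.x style snippets; addresses are documentation ranges and
# the keys are placeholders, not values from the thread.
CENTRAL = """\
sysopt connection permit-ipsec
crypto map outside_map 70 set peer 198.51.100.7
isakmp enable outside
isakmp key EXAMPLE-KEY-A address 198.51.100.7 netmask 255.255.255.255
"""
REMOTE = """\
crypto map outside_map 10 set peer 203.0.113.1
isakmp enable outside
isakmp key EXAMPLE-KEY-B address 203.0.113.1 netmask 255.255.255.255
"""

KEY_RE = re.compile(r"^isakmp key (\S+) address (\S+)", re.M)
PEER_RE = re.compile(r"^crypto map \S+ \d+ set peer (\S+)", re.M)
SYSOPT_RE = re.compile(r"^sysopt connection permit-ipsec\s*$", re.M)

def summarize(config):
    """Extract the tunnel-related settings from one config."""
    return {
        "permit_ipsec": bool(SYSOPT_RE.search(config)),
        "keys": {addr: key for key, addr in KEY_RE.findall(config)},
        "peers": set(PEER_RE.findall(config)),
    }

def check_tunnel(cfg_a, ip_a, cfg_b, ip_b):
    """Return findings for the tunnel between outside addresses ip_a and ip_b."""
    a, b = summarize(cfg_a), summarize(cfg_b)
    findings = []
    for name, side, peer_ip in (("A", a, ip_b), ("B", b, ip_a)):
        if not side["permit_ipsec"]:
            findings.append(f"{name}: sysopt connection permit-ipsec missing")
        if peer_ip not in side["peers"]:
            findings.append(f"{name}: no crypto map peer {peer_ip}")
        if peer_ip not in side["keys"]:
            findings.append(f"{name}: no isakmp key for {peer_ip}")
    key_a, key_b = a["keys"].get(ip_b), b["keys"].get(ip_a)
    if key_a and key_b:
        if "*" * 8 in (key_a, key_b):
            findings.append("key masked in config output; compare the keys as entered")
        elif key_a != key_b:  # report the mismatch without echoing the secrets
            findings.append("isakmp keys differ between the two sides")
    return findings

if __name__ == "__main__":
    for finding in check_tunnel(CENTRAL, "203.0.113.1", REMOTE, "198.51.100.7"):
        print(finding)
```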
