Pix 515 2 ipsec tunnels

Discussion in 'Cisco' started by chackamakka, Sep 10, 2004.

  1. chackamakka

    chackamakka Guest

    Dear,

    I have to configure a pix 515 with 2 ipsec tunnels.

    Tunnel 1 to ip 194.39.121.125 with crypto map lifetime 7200 sec 4608000 kb
    isakmp pre-share, 3des, md5, df group 2, lifetime 86400

    Tunnel 2 to ip 194.172.90.194 with crypto map lifetime 3600
    isakmp pre-share, 3des, sha, df group 2, lifetime 86400

    Is this configuration correct? If not what does it have to be?

    crypto ipsec transform-set secure_OSS-set esp-3des esp-md5-hmac
    crypto ipsec transform-set schenker-pab-set esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 3600
    crypto map secure_OSS-map 10 ipsec-isakmp
    crypto map secure_OSS-map 10 match address secure_OSS
    crypto map secure_OSS-map 10 set peer 194.39.121.125
    crypto map secure_OSS-map 10 set transform-set secure_OSS-set
    crypto map secure_OSS-map 10 set security-association lifetime seconds 7200 kilobytes 4608000
    crypto map schenker-pab-map 20 ipsec-isakmp
    crypto map schenker-pab-map 20 match address schenker-pab
    crypto map schenker-pab-map 20 set peer 194.172.90.194
    crypto map schenker-pab-map 20 set transform-set schenker-pab-set
    crypto map schenker-pab-map 20 set security-association lifetime seconds 3600
    crypto map schenker-pab-map interface outside
    isakmp enable outside
    isakmp key ******** address 194.39.121.125 netmask 255.255.255.255
    isakmp key ******** address 194.172.90.194 netmask 255.255.255.255
    isakmp identity address
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption 3des
    isakmp policy 10 hash md5
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption 3des
    isakmp policy 20 hash sha
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400

    Can anyone help, this is all kind of new to me.

    Thanks already

    gr,
    Philippe Meskens
     
    chackamakka, Sep 10, 2004
    #1

  2. :I have to configure a pix 515 with 2 ipsec tunnels.

    :Is this configuration correct? If not what does it have to be?

    :crypto map secure_OSS-map 10 ipsec-isakmp

    :crypto map schenker-pab-map 20 ipsec-isakmp

    No, if you want multiple IPSec tunnels to terminate on the same
    interface, then they must all use the same crypto-map name (with
    different policy numbers.) You can only have one crypto-map name
    active at a time on a [logical] interface.
     
    Walter Roberson, Sep 10, 2004
    #2
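
Added example (not part of the thread and not code from either poster or from Cisco): a small Python lint for the rule stated in the reply above, that only one crypto-map name can be active on an interface. It runs over a constructed, condensed copy of the posted configuration; `lint_crypto_maps` and its finding strings are hypothetical names, and it assumes the last `crypto map ... interface` line for an interface is the one in effect.

```python
import re

# Constructed sample: condensed copy of the configuration posted in the thread.
SAMPLE = """\
crypto ipsec transform-set secure_OSS-set esp-3des esp-md5-hmac
crypto ipsec transform-set schenker-pab-set esp-3des esp-sha-hmac
crypto map secure_OSS-map 10 ipsec-isakmp
crypto map secure_OSS-map 10 match address secure_OSS
crypto map secure_OSS-map 10 set peer 194.39.121.125
crypto map secure_OSS-map 10 set transform-set secure_OSS-set
crypto map schenker-pab-map 20 ipsec-isakmp
crypto map schenker-pab-map 20 match address schenker-pab
crypto map schenker-pab-map 20 set peer 194.172.90.194
crypto map schenker-pab-map 20 set transform-set schenker-pab-set
crypto map schenker-pab-map interface outside
isakmp key ******** address 194.39.121.125 netmask 255.255.255.255
isakmp key ******** address 194.172.90.194 netmask 255.255.255.255
"""

def lint_crypto_maps(config):
    """Return findings for crypto map entries that cannot bring up a tunnel."""
    entries, bound, tsets, keyed = {}, {}, set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"crypto ipsec transform-set (\S+)", line):
            tsets.add(m[1])
        elif m := re.match(r"crypto map (\S+) interface (\S+)$", line):
            bound[m[2]] = m[1]  # assumption: last binding per interface wins
        elif m := re.match(r"crypto map (\S+) (\d+) (.+)", line):
            e = entries.setdefault((m[1], int(m[2])), {})
            if f := re.match(r"(match address|set peer|set transform-set) (\S+)", m[3]):
                e[f[1]] = f[2]
        elif m := re.match(r"isakmp key \S+ address (\S+)", line):
            keyed.add(m[1])
    findings = []
    for (name, seq), e in sorted(entries.items()):
        if name not in bound.values():
            findings.append(f"{name} {seq}: map is not applied to any interface")
        for field in ("match address", "set peer", "set transform-set"):
            if field not in e:
                findings.append(f"{name} {seq}: missing '{field}'")
        ts, peer = e.get("set transform-set"), e.get("set peer")
        if ts and ts not in tsets:
            findings.append(f"{name} {seq}: transform-set {ts} is not defined")
        if peer and peer not in keyed:
            findings.append(f"{name} {seq}: no isakmp key for peer {peer}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_crypto_maps(SAMPLE)))
```

On the sample it reports only `secure_OSS-map 10`, the entry whose map name is not the one applied to `outside`; moving that entry under `schenker-pab-map` with its own sequence number clears the finding.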
