PIX Multiple IPSEC Tunnels

Discussion in 'Cisco' started by Shane Malden, Apr 12, 2005.

  1. Shane Malden

    Shane Malden Guest

    Hi, just wondering if someone could explain to me a bit better how the
    IPSEC tunnels on a PIX work. We have an environment with a central hub where
    the PIXes terminate. Between two of our sites, most of the traffic is only
    between those two networks. For some reason the traffic comes down to the
    central PIX and back to the other site. We do have an IPSEC tunnel between
    the two sites that need to communicate. Is there any preference over routing
    policies (access-list) etc.?

    access-list vpntraffictoSITE1 permit ip 10.33.96.0 255.255.255.0 10.33.64.0 255.255.255.0
    access-list SITE2 permit ip 10.33.80.0 255.255.240.0 10.0.0.0 255.0.0.0
    access-list SITE2 permit ip 10.33.96.0 255.255.255.0 10.0.0.0 255.0.0.0

    sysopt connection permit-ipsec
    crypto ipsec transform-set SET-NAME esp-des esp-sha-hmac
    crypto map map_name 5 ipsec-isakmp
    crypto map map_name 5 match address vpntraffictoSITE1
    crypto map map_name 5 set peer w.x.y.z
    crypto map map_name 5 set transform-set SET-NAME
    crypto map map_name 30 ipsec-isakmp
    crypto map map_name 30 match address SITE2
    crypto map map_name 30 set peer h.i.j.k
    crypto map map_name 30 set transform-set SET-NAME
    crypto map map_name interface outside
    isakmp enable outside
    isakmp key ******** address w.x.y.z netmask 255.255.255.255
    isakmp key ******** address h.i.j.k netmask 255.255.255.255
    isakmp identity address
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption des
    isakmp policy 10 hash sha
    isakmp policy 10 group 1
    isakmp policy 10 lifetime 86400


    Any Suggestions?

    Regards,
    Shane
     
    Shane Malden, Apr 12, 2005
    #1
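To make the crypto map behaviour concrete, here is an added example (not the poster's configuration or any Cisco tooling) that models the two crypto map entries and their access-lists from the post and applies the PIX rule that entries are evaluated in ascending sequence order with the first matching ACL winning. The peer addresses w.x.y.z and h.i.j.k and the test hosts are placeholders taken from or constructed for the post.

```python
import ipaddress

# Constructed model of the crypto map in the post: (sequence, match ACL, peer).
# A PIX walks crypto map entries in ascending sequence order and the first
# entry whose ACL permits the packet wins, so overlapping ACLs are order-sensitive.
CRYPTO_MAP = [(5, "vpntraffictoSITE1", "w.x.y.z"), (30, "SITE2", "h.i.j.k")]

# PIX access-lists use subnet masks, not wildcard masks: (src, mask, dst, mask).
ACLS = {
    "vpntraffictoSITE1": [("10.33.96.0", "255.255.255.0", "10.33.64.0", "255.255.255.0")],
    "SITE2": [("10.33.80.0", "255.255.240.0", "10.0.0.0", "255.0.0.0"),
              ("10.33.96.0", "255.255.255.0", "10.0.0.0", "255.0.0.0")],
}


def _net(addr, mask):
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)


def acl_permits(acl_name, src, dst):
    """True if any line of the named access-list permits src -> dst."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    return any(s in _net(*e[:2]) and d in _net(*e[2:]) for e in ACLS[acl_name])


def select_peer(src, dst, crypto_map=CRYPTO_MAP):
    """(sequence, peer) of the first matching entry, or None if the packet
    matches no entry and would leave the outside interface unencrypted."""
    for seq, acl_name, peer in sorted(crypto_map):
        if acl_permits(acl_name, src, dst):
            return seq, peer
    return None


def overlapping_lines(first_acl, later_acl):
    """ACL line pairs where a later crypto map entry also covers traffic that an
    earlier entry already claims; such lines are shadowed by the earlier entry."""
    return [(a, b) for a in ACLS[first_acl] for b in ACLS[later_acl]
            if _net(*a[:2]).overlaps(_net(*b[:2])) and _net(*a[2:]).overlaps(_net(*b[2:]))]


if __name__ == "__main__":
    print(select_peer("10.33.96.10", "10.33.64.20"))   # (5, 'w.x.y.z'): direct to SITE1
    print(select_peer("10.33.96.10", "10.0.5.1"))      # (30, 'h.i.j.k'): via the hub
    # Same ACLs with the sequence numbers swapped: SITE1 traffic now goes to the hub.
    print(select_peer("10.33.96.10", "10.33.64.20",
                      [(5, "SITE2", "h.i.j.k"), (30, "vpntraffictoSITE1", "w.x.y.z")]))
    print(overlapping_lines("vpntraffictoSITE1", "SITE2"))
```

With the posted ordering the site-to-site traffic selects the SITE1 peer, so a hub detour on the PIX side points at something other than crypto map ordering (for example the ACLs on the far end, or the return path), which is what to verify next.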
