Hello,

I don't have much experience with Cisco PIX, and now I need to configure a PIX firewall that builds up 2 IPsec tunnels with 2 branches. So I created a config but am not sure if it's correct. Can anyone have a look, or does anyone have any suggestions?

crypto ipsec transform-set ipsec_1-set esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 7200
crypto map ipsec_1-map 10 ipsec-isakmp
crypto map ipsec_1-map 10 match address ipsec_1
crypto map ipsec_1-map 10 set peer <public peer ip address branch 1>
crypto map ipsec_1-map 10 set transform-set ipsec_1-set
crypto map ipsec_1-map interface outside

crypto ipsec transform-set ipsec_2-set esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600
crypto map ipsec_2-map 20 ipsec-isakmp
crypto map ipsec_2-map 20 match address ipsec_2
crypto map ipsec_2-map 20 set peer <public peer ip address branch 2>
crypto map ipsec_2-map 20 set transform-set ipsec_2-set
crypto map ipsec_2-map interface outside

isakmp enable outside
isakmp key <encryption key 1> address <public peer ip address branch 1> netmask 255.255.255.255
isakmp key <encryption key 2> address <public peer ip address branch 2> netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

Or is it supposed to be:

crypto ipsec transform-set ipsec_1-set esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 7200
crypto map ipsec_1-map 10 ipsec-isakmp
crypto map ipsec_1-map 10 match address ipsec_1
crypto map ipsec_1-map 10 set peer <public peer ip address branch 1>
crypto map ipsec_1-map 10 set transform-set ipsec_1-set
crypto map ipsec_1-map interface outside

crypto ipsec transform-set ipsec_2-set esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600
crypto map ipsec_2-map 10 ipsec-isakmp
crypto map ipsec_2-map 10 match address ipsec_2
crypto map ipsec_2-map 10 set peer <public peer ip address branch 2>
crypto map ipsec_2-map 10 set transform-set ipsec_2-set
crypto map ipsec_2-map interface outside

isakmp enable outside
isakmp key <encryption key 1> address <public peer ip address branch 1> netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

isakmp enable outside
isakmp key <encryption key 2> address <public peer ip address branch 2> netmask 255.255.255.255
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

I left out the access-list and ... because this is the part I'm not sure about. Does anyone have any idea of what's correct or wrong?

Thanks already!

Chackamakka
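
An added example, not part of the original post: a small Python check run over the relevant lines of the first variant above. It relies on two PIX behaviours: an interface holds only one crypto map set (a second `crypto map ... interface` line replaces the first), and a repeated attribute under one `isakmp policy` number overwrites the earlier value. The `LEGACY` set, the finding names and the function name `audit` are this example's own choices.

```python
import re
from collections import defaultdict

# Constructed sample: the lines of the first variant that matter for these
# checks, as posted (peer addresses and keys are not needed here).
SAMPLE = """\
crypto map ipsec_1-map 10 ipsec-isakmp
crypto map ipsec_1-map interface outside
crypto map ipsec_2-map 20 ipsec-isakmp
crypto map ipsec_2-map interface outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
"""

MAP_BIND = re.compile(r"^crypto map (\S+) interface (\S+)$")
POLICY = re.compile(
    r"^isakmp policy (\d+) (authentication|encryption|hash|group|lifetime) (\S+)$")
# Assumption of this example: values treated as legacy and worth flagging.
LEGACY = {("encryption", "des"), ("encryption", "3des"), ("hash", "md5"),
          ("group", "1"), ("group", "2")}


def audit(config):
    """Return a list of (check, subject, detail) findings for a PIX config."""
    bound = defaultdict(list)    # interface -> crypto map names applied to it
    policy = defaultdict(list)   # (policy number, attribute) -> values in order
    for raw in config.splitlines():
        line = raw.strip()
        if m := MAP_BIND.match(line):
            if m[1] not in bound[m[2]]:
                bound[m[2]].append(m[1])
        elif m := POLICY.match(line):
            policy[(int(m[1]), m[2])].append(m[3])
    findings = []
    for iface, names in bound.items():
        if len(names) > 1:   # one crypto map set per interface: last applied wins
            findings.append(("multiple-crypto-maps", iface, names))
    for (num, attr), values in sorted(policy.items()):
        if len(set(values)) > 1:   # a later line replaces the earlier value
            findings.append(("overridden-value", f"policy {num} {attr}", values))
        if (attr, values[-1]) in LEGACY:   # judge only the value that takes effect
            findings.append(("legacy-algorithm", f"policy {num} {attr}", [values[-1]]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A config that puts both peers in one map name under different sequence numbers and binds that map once produces no `multiple-crypto-maps` finding.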