Re: [fw-wiz] Pix 520 tunnels
- From: Paul Melson <pmelson@xxxxxxxxx>
- Date: Wed, 24 Jun 2009 07:47:36 -0400
On Tue, Jun 23, 2009 at 12:08 PM, Halchishak, John <jhalchishak@xxxxxxxxx> wrote:
> We have two pix (actually three, one failover) 520s that I’m trying to set up
> multiple tunnels. The two office locations have a tunnel up between them
> with 2 peer addresses on the main end and a single on the other. We have need
> to establish other tunnels at various times to clients. I can’t seem to get
> a second tunnel up without adding it to the existing named tunnel config as
> a third peer and even then it tends to flap our tunnel between the offices.
> Is there some way to accomplish this scenario without causing our tunnel
> problems?

Yes. I'm betting that the problem is in the way you have the
crypto-map match access-lists configured. Seeing the config would be
helpful in diagnosing the issue.

You may also have a problem with the actual version of PIX OS you're
running. Also, at this point, since the 520s are so old that their
replacement model (525) has been end-of-life for 2 years, replacing
them is pretty much imminent. And since the ASAs have all new VPN
code (based on the VPN3K), mesh and hub & spoke VPN tunnels work a lot
better.

PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards