Yes, there is a hub involved here, although in my lab, it is just a 3524XL
switch, so I'm not clear on what you mean by "incorporates the other 2
access lists". If this so called "hub" means something other than what we
would most commonly associate with the term "hub", please clue me in.
The sample config from CCO does indeed use the "isakmp identity address"
statement, so that's covered. The "nat 0" statement is there with
"access-list 100", which all looks fine to me.
Attached is one of the sample configs. All 3 look pretty much the same,
just swap addresses where appropriate.
If you have any other hints or things to check, I appreciate everything!
Rik Guyler
-----Original Message-----
From: Austin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 26, 2000 11:46 AM
To: [EMAIL PROTECTED]
Subject: Re: Over the internet VPN class
Are you trying to have a PIX Hub configuration?
Make sure that you have an access list on the Hub that incorporates the
other 2 access lists. Also, use isakmp identity address and not host name.
And then you might want to take a look at your nat (0) statements on all 3
PIXes.
"Rik Guyler" <[EMAIL PROTECTED]> wrote in message
A15A8664DC88D41197820008C70D908787DA@SMSNTFS2">news:A15A8664DC88D41197820008C70D908787DA@SMSNTFS2...
> Sorry Chuck, meant to send this to the whole list ;-}
>
> Chuck, a little begging here, but would you mind sharing your sanitized
PIX
> config for this VPN setup with me? I have been struggling with a 3-way
VPN
> setup (DES) and so far, have not been able to make it work.
>
> What I'm trying to do is create a 3-way VPN between 3 PIXes. I have used
> the CCO sample configs, but they appear not to work. A coworker of mine
> also had a similar experience with the same config samples in a prior
> attempt to do this.
>
> If anybody has any suggestions on this topic, I'm all ears. I've gone
> through CCO pretty thoroughly (I believe) but haven't been able to find
any
> other truly revealing information. My PIX OS is version 5.1(2)
>
> Thanks,
>
> Rik Guyler
>
> -----Original Message-----
> From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 20, 2000 7:59 PM
> To: Cisco Mail List
> Subject: Over the internet VPN class
>
>
> OK, I think I can try this one again.
>
> Through the magic of the internet, I believe I have the means of setting
up
> my lab pod for some live VPN over the internet instruction.
>
> Weds. December 27, 5:00 p.m. Pacific, 8:00 p.m. eastern. I believe that
> comes out to 1:00 a.m. Thursday December 27 GMT ( we're off daylight
> savings, aren't we? :-> )
>
> I have received tentative concurrence from Dale Holmes that it will be ok
to
> use the allnet chatsite as the means for running this informal class.
> http://www.allnetllc.net/chat/ciscochat.htm
>
> Essentially, I will have IPSec 56 bit DES configured. Folks should be able
> to set up VPN tunnels to my routers, and potentially from there reach
> eachother.
>
> I will be finishing up my study on this over the weekend, and will send
out
> another announcement. In the meantime, those who might be interested might
> want to look at how you might connect.
> I have 2501 routers running 12.1 or so with IPSec DES
>
> Please do not e-mail me yet. All the details are not worked out. But mark
> your calendars.
>
> Chuck
> ----------------------
> I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life
as
> it has been is over ( if you hope to pass ) From this time forward, you
will
> study US!
> ( apologies to the folks at Star Trek TNG )
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> ,
>
> This mail was processed by Mail essentials for Exchange/SMTP,
> the email security & management gateway. Mail essentials adds
> content checking, email encryption, anti spam, anti virus,
> attachment compression, personalised auto responders, archiving
> and more to your Microsoft Exchange Server or SMTP mail server.
> For more information visit http://www.mailessentials.com
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
,
This mail was processed by Mail essentials for Exchange/SMTP,
the email security & management gateway. Mail essentials adds
content checking, email encryption, anti spam, anti virus,
attachment compression, personalised auto responders, archiving
and more to your Microsoft Exchange Server or SMTP mail server.
For more information visit http://www.mailessentials.com
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
