We use a Pix 520 w/6 Ethernet interfaces and according to the information we
have received, clients can not pass information, via tunnel to tunnel, when
they terminate the tunnel at the same outside address. You would have to
use another Pix interface to terminate one of the tunnels and then build the
corresponding statements.
Good luck,
Mark
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Austin
Sent: Tuesday, December 26, 2000 1:38 PM
To: [EMAIL PROTECTED]
Subject: Re: Over the internet VPN class
Rik,
By hub I meant a Central PIX that terminates the other 2 PIXes.
I did not see any config attached to the last post.
"Rik Guyler" <[EMAIL PROTECTED]> wrote in message
A15A8664DC88D41197820008C70D908787DC@SMSNTFS2">news:A15A8664DC88D41197820008C70D908787DC@SMSNTFS2...
> Yes, there is a hub involved here, although in my lab, it is just a 3524XL
> switch, so I'm not clear on what you mean by "incorporates the other 2
> access lists". If this so called "hub" means something other than what we
> would most commonly associate with the term "hub", please clue me in.
>
> The sample config from CCO does indeed use the "isakmp identity address"
> statement, so that's covered. The "nat 0" statement is there with
> "access-list 100", which all looks fine to me.
>
> Attached is one of the sample configs. All 3 look pretty much the same,
> just swap addresses where appropriate.
>
> If you have any other hints or things to check, I appreciate everything!
>
> Rik Guyler
>
> -----Original Message-----
> From: Austin [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 26, 2000 11:46 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Over the internet VPN class
>
>
> Are you trying to have a PIX Hub configuration?
> Make sure that you have an access list on the Hub that incorporates the
> other 2 access lists. Also, use isakmp identity address and not host name.
> And then you might want to take a look at your nat (0) statements on all 3
> PIXes.
>
>
> "Rik Guyler" <[EMAIL PROTECTED]> wrote in message
> A15A8664DC88D41197820008C70D908787DA@SMSNTFS2">news:A15A8664DC88D41197820008C70D908787DA@SMSNTFS2...
> > Sorry Chuck, meant to send this to the whole list ;-}
> >
> > Chuck, a little begging here, but would you mind sharing your sanitized
> PIX
> > config for this VPN setup with me? I have been struggling with a 3-way
> VPN
> > setup (DES) and so far, have not been able to make it work.
> >
> > What I'm trying to do is create a 3-way VPN between 3 PIXes. I have
used
> > the CCO sample configs, but they appear not to work. A coworker of mine
> > also had a similar experience with the same config samples in a prior
> > attempt to do this.
> >
> > If anybody has any suggestions on this topic, I'm all ears. I've gone
> > through CCO pretty thoroughly (I believe) but haven't been able to find
> any
> > other truly revealing information. My PIX OS is version 5.1(2)
> >
> > Thanks,
> >
> > Rik Guyler
> >
> > -----Original Message-----
> > From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, December 20, 2000 7:59 PM
> > To: Cisco Mail List
> > Subject: Over the internet VPN class
> >
> >
> > OK, I think I can try this one again.
> >
> > Through the magic of the internet, I believe I have the means of setting
> up
> > my lab pod for some live VPN over the internet instruction.
> >
> > Weds. December 27, 5:00 p.m. Pacific, 8:00 p.m. eastern. I believe that
> > comes out to 1:00 a.m. Thursday December 27 GMT ( we're off daylight
> > savings, aren't we? :-> )
> >
> > I have received tentative concurrence from Dale Holmes that it will be
ok
> to
> > use the allnet chatsite as the means for running this informal class.
> > http://www.allnetllc.net/chat/ciscochat.htm
> >
> > Essentially, I will have IPSec 56 bit DES configured. Folks should be
able
> > to set up VPN tunnels to my routers, and potentially from there reach
> > eachother.
> >
> > I will be finishing up my study on this over the weekend, and will send
> out
> > another announcement. In the meantime, those who might be interested
might
> > want to look at how you might connect.
> > I have 2501 routers running 12.1 or so with IPSec DES
> >
> > Please do not e-mail me yet. All the details are not worked out. But
mark
> > your calendars.
> >
> > Chuck
> > ----------------------
> > I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your
life
> as
> > it has been is over ( if you hope to pass ) From this time forward, you
> will
> > study US!
> > ( apologies to the folks at Star Trek TNG )
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> > ,
> >
> > This mail was processed by Mail essentials for Exchange/SMTP,
> > the email security & management gateway. Mail essentials adds
> > content checking, email encryption, anti spam, anti virus,
> > attachment compression, personalised auto responders, archiving
> > and more to your Microsoft Exchange Server or SMTP mail server.
> > For more information visit http://www.mailessentials.com
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> ,
>
> This mail was processed by Mail essentials for Exchange/SMTP,
> the email security & management gateway. Mail essentials adds
> content checking, email encryption, anti spam, anti virus,
> attachment compression, personalised auto responders, archiving
> and more to your Microsoft Exchange Server or SMTP mail server.
> For more information visit http://www.mailessentials.com
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
