Taking a guess, but could you specify multiple destination IPs under the
crypto map peer statement?

PIX#(config) crypto map TEST 10 set peer 10.20.30.1 10.20.30.2

PIX#(config) show crypto map
Crypto Map: "TEST" interfaces: { }

Crypto Map "TEST" 10 ipsec-isakmp
        Peer = 10.20.30.1
        Peer = 10.20.30.2
        No matching address list set.
        Current peer: 10.20.30.1
        Security association lifetime: 4608000 kilobytes/28800 seconds
        PFS (Y/N): N
        Transform sets={ }

I believe that this will first cause it to build to .1, and if it is
unavailable, to .2.
I would be curious as to how you're going to handle the internal routing back
to the corporate site.
I think that would be a stumbling block from what I can tell.


Thanks

Larry
 

-----Original Message-----
From: Edward Sohn [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 03, 2002 11:14 AM
To: [EMAIL PROTECTED]
Subject: for PIX VPN gurus... [7:58448]


I have a requirement in which a single Headquarters PIX needs to VPN over
the internet to a single remote site which has two separate PIXes
(connected to the same site LAN).  The goal is to introduce redundancy into the
VPN connection to the remote site.  Unfortunately, it has to be like this
due to the company's hardware limitations.

This is not a "classic" PIX failover configuration via the serial method
(515, 525, 535), but two separate PIX 506's connected separately to the same
LAN.

I can't find anywhere on CCO whether this config is supported, and the TAC
engineer is also clueless (he even said that he doesn't have a way to LAB it
up--can you believe that?  This is Cisco we're talking about here).

Anyway, anybody ever done something like this?  Will this work?  Can
somebody test this?

BTW, I need to know ASAP, because the customer wants to implement this
immediately if it will work.

Thanks,

Eddie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58455&t=58448