RE: for PIX VPN gurus... [7:58448]

Tue, 03 Dec 2002 14:24:02 -0800 

Larry,

Good find, however, we are GRE tunneling EIGRP across
sites.  This is before the PIXes.

Thanks,

Ed

--- "Roberts, Larry" 
wrote:
> Taking a guess, but could you specify multiple
> destination IP's under the
> crypto map peer statement?
> 
> PIX#(config) crypto map TEST 10 set peer 10.20.30.1
> 10.20.30.2
> 
> PIX#(config) show crypto map
> Crypto Map: "TEST" interfaces: { }
> 
> Crypto Map "TEST" 10 ipsec-isakmp
>         Peer = 10.20.30.1
>         Peer = 10.20.30.2
>         No matching address list set.
>         Current peer: 10.20.30.1
>         Security association lifetime: 4608000
> kilobytes/28800 seconds
>         PFS (Y/N): N
>         Transform sets={ }
> 
> I believe that this will first cause it to build to
> .1, and if it is
> unavailable to .2
> I would be curious as to how your going to handle
> the internal routing back
> to the corporate site?
> I think that would be a stumbling block from what I
> can tell.
> 
> 
> Thanks
> 
> Larry
>  
> 
> -----Original Message-----
> From: Edward Sohn [mailto:[EMAIL PROTECTED]] 
> Sent: Tuesday, December 03, 2002 11:14 AM
> To: [EMAIL PROTECTED]
> Subject: for PIX VPN gurus... [7:58448]
> 
> 
> I have a requirement in which a single Headquarters
> PIX needs to VPN over
> the internet to a single remote site which have two
> separate PIXes
> (connected the same site LAN).  The goal is to
> introduce redundancy into the
> VPN connection to the remote site.  Unfortunately,
> it has to be like this
> due to the company's hardware limitations.
> 
> This is not a "classic" PIX failover configuration
> via the serial method
> (515, 525, 535), but two separate PIX 506's
> connected separately to the same
> LAN.
> 
> I can't find anywhere on CCO whether this config is
> supported, and the TAC
> engineer is also clueless (he even said that he
> doesn't have a way to LAB it
> up--can you believe that?.  This is Cisco we're
> talking about here).
> 
> Anyway, anybody ever done something like this?  Will
> this work?  Can
> somebody test this?
> 
> BTW, I need to know ASAP, because the customer wants
> to implement this
> immediately if it will work.
> 
> Thanks,
> 
> Eddie
[EMAIL PROTECTED]


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58491&t=58448
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to