Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Wanet Telecoms Ltd on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
-
Multiple IPSEC VPN on PIX
In my PIX ACLs I don't use numbers, like access-list 110. I use the name of the office, ie access-list boise, or access-list portland, etc. That way I don't get too confused.- jims88
- Post #12
- Forum: Security, hacker detection & forensics
-
PAT via inside interface
Are you saying that your vpn users are using a vpn client to connect to your PIX and get assigned an address from a pool? Can you explain the topology a little more?- jims88
- Post #3
- Forum: Security, hacker detection & forensics
-
EIGRP updates over VPN
Since you're using two PIX's for your VPN, I assume you're using IPSec. The problem that you're running into is that you can't pass routing protocols, including EIGRP, across IPSec. If you used two IOS Routers, you could run IPSec across GRE tunnels, which would then pass EIGRP. Take a look...- jims88
- Post #5
- Forum: Security, hacker detection & forensics
-
Multiple IPSEC VPN on PIX
I have three IPSec VPN's tied to my PIX, and have no problems. My config is similar to what ianbla suggests, although I've aggregated the addresses into a single supersetted block. This works fine for the NAT entries, but not for the crypto map's. In ianbla's example, if 110 is used for the...- jims88
- Post #8
- Forum: Security, hacker detection & forensics
