I have managed to configure a site to site vpn using to cisco pix 501
where Site A has static Public IP and Site b has dynamic IP
i now want to add a third site C which will have a dynamic public IP.
1) do i simply enter the same config of Site B into Site C except to change correct local IP addresses?
2) do i need to add config to site A?
2) will site B & C able to access resources either site?
Below is the config for the current sites
i think the tunnel is initiated by site B
Below is the VPN config on the Pix at site A:
isamkmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
isakmp key 12345678 address 0.0.0.0 netmask 0.0.0.0
access-list 100 permit ip 192.168.16.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list 100
crypto ipsec transam-set myset esp-des esp-md5-hmac
crypto dynamic-map cisco 1 set transform-set myset
crypto map dyn-map 20 ipsec-isakmp dynamic cisco
crypto map dyn-map interface outside
sysopt connection permit-ipsec
VPN config at site B
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20encryption des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
isakmp key ******** address 217.xx.xx.xx netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
access-list NoNat permit ip 192.168.2.0 255.255.255.0 192.168.16.0 255.255.255.0
nat (inside) 0 access-list NoNat
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map newmap 20 ipsec-isakmp
crypto map newmap 20 match address NoNat
crypto map newmap 20 set peer 217.xx.xx.xx
crypto map newmap 20 set transform-set myset
crypto map newmap interface outside
sysopt connection permit-ipsec
Nazmul
where Site A has static Public IP and Site b has dynamic IP
i now want to add a third site C which will have a dynamic public IP.
1) do i simply enter the same config of Site B into Site C except to change correct local IP addresses?
2) do i need to add config to site A?
2) will site B & C able to access resources either site?
Below is the config for the current sites
i think the tunnel is initiated by site B
Below is the VPN config on the Pix at site A:
isamkmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
isakmp key 12345678 address 0.0.0.0 netmask 0.0.0.0
access-list 100 permit ip 192.168.16.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list 100
crypto ipsec transam-set myset esp-des esp-md5-hmac
crypto dynamic-map cisco 1 set transform-set myset
crypto map dyn-map 20 ipsec-isakmp dynamic cisco
crypto map dyn-map interface outside
sysopt connection permit-ipsec
VPN config at site B
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20encryption des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
isakmp key ******** address 217.xx.xx.xx netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
access-list NoNat permit ip 192.168.2.0 255.255.255.0 192.168.16.0 255.255.255.0
nat (inside) 0 access-list NoNat
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map newmap 20 ipsec-isakmp
crypto map newmap 20 match address NoNat
crypto map newmap 20 set peer 217.xx.xx.xx
crypto map newmap 20 set transform-set myset
crypto map newmap interface outside
sysopt connection permit-ipsec
Nazmul
