I am trying to build a VPN tunnel between a PIX 515 at site A and an ASA 505 at site B. Both the PIX and the ASA are serving as the firewall and router for their sites, and both are already terminators for VPN clients running on off-site PCs.
My goal is to install a server behind the PIX at site A, on a 192.168.2.0 network hanging off eth2, and to have that server/network connected through the VPN tunnel to the 192.168.1.0 network behind the ASA at site B. I need them to be able to see each other as two sites in an AD domain.
If I'm not explaining this clearly, please let me know.
I'm facing two challenges:
1) All the example material I can find on building VPN tunnels is on edge devices that are not also running firewall, internet routing, and VPN client services - and so I'm having some trouble applying the examples effectively.
2) I do not have any test equipment, and both devices need to provide VPN all the time. So far, every time I have attempted to create the tunnel it has failed and the existing VPN setup for clients broke as well. I can schedule short outage windows, but I do not really ever have enough time to just slog through it.
Of course my biggest challenge is that I haven't done this before. :-)
I have attached sanitized config files from the PIX at site A and the ASA at site B.
Is a VPN tunnel the best way to accomplish my goal with this equipment? Will it work in this situation? If so, what do I need to add to these configs?
If needed I can post more material about the attempts I made to get the tunnel working, the config changes I made, etc.
Thanks!
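The pattern the question is asking about, a static site-to-site (LAN-to-LAN) entry added to a firewall that already serves remote-access VPN clients, looks like the following on ASA/PIX 7.2-style software. This is an added illustration, not the poster's attached configs and not a vendor reference; the outside addresses (198.51.100.1 for site A, 203.0.113.2 for site B), the crypto map name OUTSIDE_MAP, the dynamic map name DYNMAP, the interface name for the PIX's eth2 (assumed to be named dmz), the ACL names and the pre-shared key are all assumed placeholders. The security-relevant points it shows: the static L2L entry goes into the crypto map that is already bound to the outside interface, at a lower sequence number than the dynamic entry that serves the clients (an interface takes exactly one crypto map, so binding a second map name to it replaces the first and drops the client VPN); the interesting-traffic ACLs are exact mirrors of each other; and the same host pairs are exempted from NAT on both sides so AD traffic crosses the tunnel untranslated.

```text
! ===== Site B: ASA (inside 192.168.1.0/24), assumed 7.2-style syntax =====
! Phase 1 (IKE). Policy 10 must match site A; the clients' existing policy can stay.
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

! Phase 2 transform set for the site-to-site SA
crypto ipsec transform-set L2L-SET esp-aes-256 esp-sha-hmac

! Interesting traffic: site B LAN <-> site A server LAN (mirrored exactly at site A)
access-list L2L-TO-SITEA extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

! NAT exemption so tunneled traffic keeps real addresses (add to an existing nat 0 ACL if present)
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Static entry in the SAME map that already carries the remote-access dynamic entry.
! Sequence 10 is evaluated before the catch-all dynamic entry (assumed at 65535).
crypto map OUTSIDE_MAP 10 match address L2L-TO-SITEA
crypto map OUTSIDE_MAP 10 set peer 198.51.100.1
crypto map OUTSIDE_MAP 10 set transform-set L2L-SET
! Existing client entry, left as it is (shown for context, assumed):
! crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYNMAP
crypto map OUTSIDE_MAP interface outside

! Peer authentication for the L2L tunnel; the tunnel-group name is the peer's outside IP
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key ReplaceWithALongRandomSecret

! ===== Site A: PIX 515 (server LAN 192.168.2.0/24 on eth2, nameif assumed "dmz") =====
! Same IKE policy and transform set as above, then the mirrored pieces:
access-list L2L-TO-SITEB extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list NONAT-DMZ extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (dmz) 0 access-list NONAT-DMZ
crypto map OUTSIDE_MAP 10 match address L2L-TO-SITEB
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP 10 set transform-set L2L-SET
crypto map OUTSIDE_MAP interface outside
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key ReplaceWithALongRandomSecret
```

Two checks worth doing inside the outage window: `show run crypto map` on each box before changing anything, so the existing map name and the dynamic entry's sequence number are known and the static entry is added under that name rather than a new one; and, after bringing the tunnel up by sending traffic from 192.168.1.x to 192.168.2.x, `show crypto isakmp sa` and `show crypto ipsec sa` to confirm Phase 1 reaches MM_ACTIVE and the Phase 2 SA matches the mirrored ACL. The NAT exemption and the ACL mirror are the usual reasons a tunnel negotiates but AD traffic still fails; if traffic arriving through the tunnel is still filtered, check whether `sysopt connection permit-vpn` is present, since without it the outside interface ACL also applies to decrypted packets.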