Cisco PIX VPN Routing Problems
I have several sites sucessfully connecting via VPN to a central site at a data center (hub and spoke). Two of these sites need to access all of the other sites using the VPN connections. Most of the remote sites are using Linksys VPN routers, the data center and downtown sites are using PIX firewalls.
I'm trying to get the downtown site to route to another site across the central site. I believe I have the downtown PIX configured correctly because I'm seeing traffic hit the ACL for both the nat 0 and crypto map on the that PIX. However, I don't see any of the traffic going into the data center PIX. I've attached the key parts of the configuration for both sites. Can someone tell me what I've configured wrong? Thanks.
Downtown 10.10.128.0 /24
Data Center 10.10.17.0 /24
Remote site (Mike) 10.20.1.0/24
PIX-Cleaned.txt
I'm trying to get the downtown site to route to another site across the central site. I believe I have the downtown PIX configured correctly because I'm seeing traffic hit the ACL for both the nat 0 and crypto map on the that PIX. However, I don't see any of the traffic going into the data center PIX. I've attached the key parts of the configuration for both sites. Can someone tell me what I've configured wrong? Thanks.
Downtown 10.10.128.0 /24
Data Center 10.10.17.0 /24
Remote site (Mike) 10.20.1.0/24
PIX-Cleaned.txt
Rick_O_Shay
I don't know PIX VPN configs but is there a reason you don't just create a new tunnel between downtown and the remote vs complicating it with an extra VPN/Router in the middle?
ASKER
I've considered that solution but there's several sites (10) that need to be connected which takes quite a bit of time to configure and can't be centrally managed.
In that case you need to have the core site be able to route back out to go site to site but I don't know how to set that up on your platform.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Both PIX's are 515E and running 6.3(5). Can the downtown PIX (spoke) stay at 6.3 or does it also have to be upgraded to 7.0?
with 6.3(5), it won't be possible. You need to be on 7.x. Only the hub matters, the spoke can remain at the current version.
Cheers,
rsivanandan
Cheers,
rsivanandan
The 515E is upgradeablr to 7.x if you meet the memory reqs. I think it's 256mb. However you'd need an active smartnet to get it. I would call your vendor about the smartnet if you don't already have one as I don't believe you can just do a one time purchase to get the 7.x or 8.x code. Rajesh can correct me if I'm wrong on that one
I guess yes, you need to have a smartnet.
Cheers,
rsivanandan
Cheers,
rsivanandan
ASKER
Thanks for the info, I'll be looking into a SmartNet contract.