Matt Russell
asked on
2 Cisco PIX connected to same ISP connection
Hello,
I'm trying to create a VPN tunnel to my other site. The PIX 515E Firewall currently in use has a restricted license, so I cannot add another interface to it. I also have VPN client users that connect through this FW. When I had the site-to-site working before, the VPN users were not able to connect since the other tunnel was active.
I purchased another 515E FW, assuming I could bind another ISP address to 1 interface and be on my way. This plan was also assuming I could split the ISP connection with a basic switch and have both firewalls connected at the same time. Of course, it didn't work out this way. When I have both FWs connected at the same time, both external interfaces go up and down every couple seconds.
Is there something I am missing here or is this just not possible? I added a basic diagram so you could see what I am trying to accomplish here.
Thanks,
Matt
PIX1------
|-----Switch----ISP Cisco 1841 Router
PIX2------
SOLUTION
ASKER
I can get copies of the main PIX config since if I could keep using one with it handling both site-to-site and remote access VPNs, that would be great.
Each unit has its own address, externally and internally. When I connect the 2 PIXs to the same switch, the external interfaces on both start going up and down, killing the internet connection.
Let me get the config and we can go from there.
ASKER
Here is a cleaned copy of the config. I re-added the crypto map portions since I had to remove them previously while troubleshooting this issue.
Thanks for anything you can tell me!
ASKER CERTIFIED SOLUTION
ASKER
My own research independent of this led to me figuring out the correct solution.