Vijay, start with a list per dest lan:
access-list customerx 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0 then a map per dest lan crypto map fingerhut x ipsec-isakmp crypto map fingerhut x match address customerx crypto map fingerhut x set peer x.x.x.x crypto map fingerhut x set transform-set vcustomer crypto map fingerhut interface outside ISAkmp isakmp key **NEWKEYNEWCUSTO** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode off the top of myn hat Martijn -----Oorspronkelijk bericht----- Van: Vijay M [mailto:[EMAIL PROTECTED] Verzonden: zaterdag 2 augustus 2003 17:23 Aan: [EMAIL PROTECTED] Onderwerp: Re: IPSec and IKE [7:23599] hello, I want to know that i am already having IPsec VPN connectivity with 2 different PIX 515s, can i have 1 more connection onto the same PIX515. I mean these commands:- crypto ipsec transform-set TRANS_ESP_DES_SHA esp-des esp-md5-hmac crypto ipsec transform-set vcustomer esp-3des esp-md5-hmac crypto map fingerhut 1 ipsec-isakmp crypto map fingerhut 1 match address 1 crypto map fingerhut 1 set peer a.b.c.d crypto map fingerhut 1 set transform-set vcustomer crypto map fingerhut 2 ipsec-isakmp crypto map fingerhut 2 match address 2 crypto map fingerhut 2 set peer x.y.z.a crypto map fingerhut 2 set transform-set vcustomer crypto map fingerhut interface outside isakmp enable outside isakmp key ******** address a.b.c.d netmask 255.255.255.255 no-xauth no-co nfig-mode isakmp key ******** address x.y.z.a netmask 255.255.255.255 no-xauth no-c onfig-mode isakmp identity address isakmp policy 1 authentication pre-share isakmp policy 1 encryption 3des isakmp policy 1 hash md5 isakmp policy 1 group 1 isakmp policy 1 lifetime 1000 ""Theodore stout"" wrote in message news:[EMAIL PROTECTED] > Personally speaking I am confused too. I am a CCSE and passed MCNS with > perfect points on both on the IPSEC section and I still don't understand it > perfectly. I can use the isakmp, crypto, and FW-1 commands effortlessly yet > I really still don't know what the real difference is between IPSEC and > IKE. I even read that like 70 page file from Cisco, deploying IPSec blah > blah and I was just more confused. What I do really understand it ESP and > AH. That is really clear and necessary to understand for transform sets. > > Watch me get a perfect on this section tomorrow on the Advanced PIX and > still not really have a clue! > > Peace > > Theo **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73467&t=23599 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
