Rik,
By hub I meant a Central PIX that terminates the other 2 PIXes.
I did not see any config attached to the last post.
"Rik Guyler" <[EMAIL PROTECTED]> wrote in message
A15A8664DC88D41197820008C70D908787DC@SMSNTFS2">news:A15A8664DC88D41197820008C70D908787DC@SMSNTFS2...
> Yes, there is a hub involved here, although in my lab, it is just a 3524XL
> switch, so I'm not clear on what you mean by "incorporates the other 2
> access lists". If this so called "hub" means something other than what we
> would most commonly associate with the term "hub", please clue me in.
>
> The sample config from CCO does indeed use the "isakmp identity address"
> statement, so that's covered. The "nat 0" statement is there with
> "access-list 100", which all looks fine to me.
>
> Attached is one of the sample configs. All 3 look pretty much the same,
> just swap addresses where appropriate.
>
> If you have any other hints or things to check, I appreciate everything!
>
> Rik Guyler
>
> -----Original Message-----
> From: Austin [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 26, 2000 11:46 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Over the internet VPN class
>
>
> Are you trying to have a PIX Hub configuration?
> Make sure that you have an access list on the Hub that incorporates the
> other 2 access lists. Also, use isakmp identity address and not host name.
> And then you might want to take a look at your nat (0) statements on all 3
> PIXes.
>
>
> "Rik Guyler" <[EMAIL PROTECTED]> wrote in message
> A15A8664DC88D41197820008C70D908787DA@SMSNTFS2">news:A15A8664DC88D41197820008C70D908787DA@SMSNTFS2...
> > Sorry Chuck, meant to send this to the whole list ;-}
> >
> > Chuck, a little begging here, but would you mind sharing your sanitized
> PIX
> > config for this VPN setup with me? I have been struggling with a 3-way
> VPN
> > setup (DES) and so far, have not been able to make it work.
> >
> > What I'm trying to do is create a 3-way VPN between 3 PIXes. I have
used
> > the CCO sample configs, but they appear not to work. A coworker of mine
> > also had a similar experience with the same config samples in a prior
> > attempt to do this.
> >
> > If anybody has any suggestions on this topic, I'm all ears. I've gone
> > through CCO pretty thoroughly (I believe) but haven't been able to find
> any
> > other truly revealing information. My PIX OS is version 5.1(2)
> >
> > Thanks,
> >
> > Rik Guyler
> >
> > -----Original Message-----
> > From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, December 20, 2000 7:59 PM
> > To: Cisco Mail List
> > Subject: Over the internet VPN class
> >
> >
> > OK, I think I can try this one again.
> >
> > Through the magic of the internet, I believe I have the means of setting
> up
> > my lab pod for some live VPN over the internet instruction.
> >
> > Weds. December 27, 5:00 p.m. Pacific, 8:00 p.m. eastern. I believe that
> > comes out to 1:00 a.m. Thursday December 27 GMT ( we're off daylight
> > savings, aren't we? :-> )
> >
> > I have received tentative concurrence from Dale Holmes that it will be
ok
> to
> > use the allnet chatsite as the means for running this informal class.
> > http://www.allnetllc.net/chat/ciscochat.htm
> >
> > Essentially, I will have IPSec 56 bit DES configured. Folks should be
able
> > to set up VPN tunnels to my routers, and potentially from there reach
> > eachother.
> >
> > I will be finishing up my study on this over the weekend, and will send
> out
> > another announcement. In the meantime, those who might be interested
might
> > want to look at how you might connect.
> > I have 2501 routers running 12.1 or so with IPSec DES
> >
> > Please do not e-mail me yet. All the details are not worked out. But
mark
> > your calendars.
> >
> > Chuck
> > ----------------------
> > I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your
life
> as
> > it has been is over ( if you hope to pass ) From this time forward, you
> will
> > study US!
> > ( apologies to the folks at Star Trek TNG )
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> > ,
> >
> > This mail was processed by Mail essentials for Exchange/SMTP,
> > the email security & management gateway. Mail essentials adds
> > content checking, email encryption, anti spam, anti virus,
> > attachment compression, personalised auto responders, archiving
> > and more to your Microsoft Exchange Server or SMTP mail server.
> > For more information visit http://www.mailessentials.com
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> ,
>
> This mail was processed by Mail essentials for Exchange/SMTP,
> the email security & management gateway. Mail essentials adds
> content checking, email encryption, anti spam, anti virus,
> attachment compression, personalised auto responders, archiving
> and more to your Microsoft Exchange Server or SMTP mail server.
> For more information visit http://www.mailessentials.com
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
