RE: VPN Design - is it possible

["Paul Melson" <pmelson () gmail com>]

-----Original Message-----
Subject: [fw-wiz] VPN Design - is it possible

> My question is : is it possible to have 2 separate VPN connection to the
same SITE ( looking 
> from B,C,D,E point of view - they would see the LAN behind SITE A using 2
separate IPSec 
> tunnels)? Has anyone done or seen anything similar? Do you have a better
plan using the 
> given, options??

You cannot have two tunnels on a single PIX that have the same crypto map
match access-list.  However, if I understand your diagram correctly, you
shouldn't need to do this.  You should be able to configure the two external
routers at Site A to create a redundant path to one of the firewalls there.
More here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration
_example09186a008052d450.shtml#diag

If you need device failover for the firewalls at Site A, you're going to
have to upgrade to 515's or better.

PaulM



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards