Apr 27 2009
Initiate VPN connection on Cisco PIX
Having set up the VPN parameters on two Cisco PIX, you still need to generate a traffic flow from one network to the other to bring the tunnel up: the PIX negotiates an IPsec tunnel on demand, the first time a packet matches the crypto access-list. This is annoying if you want to make sure the tunnel is active before you connect the network.
Let's take two subnets, 192.168.2.0/24 behind PIX1 and 192.168.3.0/24 behind PIX2.
Once VPN connections are configured on the Cisco PIX, double-check you have these:
On PIX1:
PIX1#show run
access-list VPN_TO_PIX2 permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
...
ip address inside 192.168.2.1 255.255.255.0
...
management-access inside
PIX2 has the same configuration, except that its inside address is 192.168.3.1 and its crypto access-list is mirrored (source 192.168.3.0/24, destination 192.168.2.0/24).
management-access inside lets the PIX be reached on its inside interface address through the VPN tunnel (for ping, and for telnet/SSH/SNMP management). Without it, the ping to the remote inside address goes unanswered, since the reply would otherwise have to be sent from the outside interface.
To activate the VPN connection, ping the remote PIX's inside interface from the local inside interface. Specifying the inside interface sources the ICMP from 192.168.2.1, so the packet matches the crypto access-list and triggers the IKE negotiation; a ping sourced from the outside interface would not match and would start nothing. Expect the first reply or two to time out while the tunnel is being negotiated. In a nutshell:
PIX1#ping inside 192.168.3.1
192.168.3.1 response received -- 60ms
192.168.3.1 response received -- 50ms
192.168.3.1 response received -- 50ms
Check that the ISAKMP security association has been created:
PIX1# show crypto isakmp sa
Total     : 1
Embryonic : 0
        dst          src      state    pending  created
    PIX2_IP      PIX1_IP    QM_IDLE          0        2
QM_IDLE means phase 1 (ISAKMP) is established; an MM_* or AG_* state means main or aggressive mode is still negotiating. To confirm phase 2 as well, run show crypto ipsec sa and check that the #pkts encaps and #pkts decaps counters increase while you ping.
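The two checks above done by hand (is the ping "interesting traffic" for the crypto access-list, and is the ISAKMP SA in QM_IDLE) can be scripted against captured CLI output. The following is an added example, not code from the original post; the sample show output is constructed in the layout of the output above, with 203.0.113.1 and 203.0.113.2 standing in for PIX1_IP and PIX2_IP, and the function names are my own.

```python
"""Check a PIX-to-PIX IPsec tunnel from captured CLI output.

Added example, not from the original post. The sample output below is
constructed; 203.0.113.1 / 203.0.113.2 stand in for PIX1_IP / PIX2_IP.
"""
import ipaddress
import re

# Crypto access-list from the post (PIX syntax: network then subnet mask).
ACL_PIX1 = ("access-list VPN_TO_PIX2 permit ip "
            "192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0")

# ISAKMP (phase 1) states printed by `show crypto isakmp sa` on PIX 6.x.
# QM_IDLE is the established state; MM_* / AG_* states mean the main-mode /
# aggressive-mode exchange is still in progress.
ISAKMP_UP = {"QM_IDLE"}
ISAKMP_NEGOTIATING_PREFIXES = ("MM_", "AG_")


def crypto_acl_matches(acl_line, src_ip, dst_ip):
    """True if a src_ip -> dst_ip packet matches the crypto ACL line.

    This is why the ping must be sourced from the inside interface:
    192.168.2.1 -> 192.168.3.1 matches, a ping sourced from the outside
    address does not, and no IKE negotiation would start.
    """
    m = re.match(
        r"access-list\s+\S+\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$",
        acl_line.strip(),
    )
    if not m:
        raise ValueError("unsupported ACL line: %r" % acl_line)
    src_net = ipaddress.ip_network("%s/%s" % (m.group(1), m.group(2)), strict=False)
    dst_net = ipaddress.ip_network("%s/%s" % (m.group(3), m.group(4)), strict=False)
    return (ipaddress.ip_address(src_ip) in src_net
            and ipaddress.ip_address(dst_ip) in dst_net)


def parse_isakmp_sa(output):
    """Parse `show crypto isakmp sa` output into a list of SA dicts."""
    sas = []
    in_table = False
    for line in output.splitlines():
        fields = line.split()
        if fields[:3] == ["dst", "src", "state"]:
            in_table = True          # header row: SA rows follow
            continue
        if in_table and len(fields) >= 5:
            sas.append({
                "dst": fields[0], "src": fields[1], "state": fields[2],
                "pending": int(fields[3]), "created": int(fields[4]),
            })
    return sas


def phase1_status(output, peer_ip):
    """Classify the ISAKMP SA with peer_ip as 'up', 'negotiating' or 'down'."""
    for sa in parse_isakmp_sa(output):
        if peer_ip not in (sa["dst"], sa["src"]):
            continue
        if sa["state"] in ISAKMP_UP:
            return "up"
        if sa["state"].startswith(ISAKMP_NEGOTIATING_PREFIXES):
            return "negotiating"
    return "down"


# Constructed samples in the layout of the post's `show crypto isakmp sa`.
SAMPLE_ISAKMP_UP = """\
Total     : 1
Embryonic : 0
        dst               src        state     pending     created
   203.0.113.2       203.0.113.1    QM_IDLE         0           2
"""

SAMPLE_ISAKMP_NEGOTIATING = """\
Total     : 1
Embryonic : 1
        dst               src        state     pending     created
   203.0.113.2       203.0.113.1    MM_KEY_EXCH     1           0
"""

if __name__ == "__main__":
    print("ping inside 192.168.3.1 is interesting traffic:",
          crypto_acl_matches(ACL_PIX1, "192.168.2.1", "192.168.3.1"))
    print("ping from outside address is interesting traffic:",
          crypto_acl_matches(ACL_PIX1, "203.0.113.1", "192.168.3.1"))
    print("phase 1 towards PIX2:", phase1_status(SAMPLE_ISAKMP_UP, "203.0.113.2"))
```

Feed phase1_status the real output of show crypto isakmp sa (for example captured over a management session) and the PIX2 outside address; "down" with no matching row after a ping means the ping never matched the crypto access-list or never reached the peer, while "negotiating" that never becomes "up" points at a phase 1 mismatch (pre-shared key, policy) rather than at the traffic trigger.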