Network Security Firewalls

Cisco Pix - Multiple peers per crypto map sequence...

Subject: Cisco Pix - Multiple peers per crypto map sequence...
Date: Wed, 12 Oct 2005 09:59:16 +0200
Hi,
 
I've got a tricky question:
Our situation is such that we've got several remote sites with PIXes and three 
interconnected main sites, each with an internet connection. We have the PIXes 
dynamically set up tunnels to our main site, and in our crypto map we list all 3 
of our main sites' IP addresses as VPN peers. All 3 have been configured in an 
identical manner (same isakmp policy, access-lists, ...) (I know, I checked 
exhaustively).
remote site example config:
crypto map xxxmap 10 ipsec-isakmp
crypto map xxxmap 10 match address aclmainsites
crypto map xxxmap 10 set peer A.B.C.D
crypto map xxxmap 10 set peer E.F.G.H
crypto map xxxmap 10 set peer I.J.K.L
crypto map xxxmap 10 set transform-set xxxset
crypto map xxxmap 10 set security-association lifetime seconds 3600 kilobytes 4608000
crypto map xxxmap interface outside

Now my question :) : Only in the worst-case scenario can the remote sites 
connect to the main site I.J.K.L (because of limited Internet bandwidth on this 
site), so how can I be sure that the sequence in which the remote PIX 
establishes tunnels is such as I defined??? I checked with Cisco but they have 
no docs on this. Nor do any of my usual forums... any input would be greatly 
appreciated.

 

Kind regards,

Bart Mollemans
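An added example, not part of Bart's post and not a Cisco tool: a small Python audit that parses `crypto map ... set peer` lines like the ones above, lists the peers of each map sequence in configured order, and flags any sequence where a designated last-resort peer (here I.J.K.L, the bandwidth-limited site) is not the final entry. It assumes, as the question does, that the PIX tries `set peer` entries in the order they appear; the page itself does not confirm that behaviour.

```python
"""Audit peer ordering in PIX 'crypto map' configs (added example)."""
import re

# Constructed sample: the remote-site config quoted in the post.
SAMPLE_CONFIG = """\
crypto map xxxmap 10 ipsec-isakmp
crypto map xxxmap 10 match address aclmainsites
crypto map xxxmap 10 set peer A.B.C.D
crypto map xxxmap 10 set peer E.F.G.H
crypto map xxxmap 10 set peer I.J.K.L
crypto map xxxmap 10 set transform-set xxxset
crypto map xxxmap 10 set security-association lifetime seconds 3600 kilobytes 4608000
crypto map xxxmap interface outside
"""

PEER_RE = re.compile(r"^crypto map (\S+) (\d+) set peer (\S+)$")


def peer_order(config: str) -> dict:
    """Return {(map_name, seq): [peers in the order they were configured]}.

    Assumption (not stated on the page): the PIX tries peers in this
    order, so the first entry is the primary and later ones are fallbacks.
    """
    order: dict = {}
    for line in config.splitlines():
        m = PEER_RE.match(line.strip())
        if m:
            key = (m.group(1), int(m.group(2)))
            order.setdefault(key, []).append(m.group(3))
    return order


def audit_last_resort(config: str, last_resort: str) -> list:
    """Warn for every sequence where last_resort is present but not last,
    and for any peer listed twice in one sequence."""
    warnings = []
    for (name, seq), peers in peer_order(config).items():
        if last_resort in peers and peers[-1] != last_resort:
            warnings.append(f"{name} {seq}: last-resort peer {last_resort} listed "
                            f"at position {peers.index(last_resort) + 1} of {len(peers)}")
        dupes = sorted({p for p in peers if peers.count(p) > 1})
        for p in dupes:
            warnings.append(f"{name} {seq}: peer {p} configured more than once")
    return warnings


if __name__ == "__main__":
    print(peer_order(SAMPLE_CONFIG))
    print(audit_last_resort(SAMPLE_CONFIG, "I.J.K.L") or "no warnings")
```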


