Here is a working sample that I have used.

PIX config PIX to PIX using 5.1.2

Site #1

access-list 101 permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
sysopt connection permit-ipsec
nat (inside) 0 access-list 101
crypto ipsec transform-set strong esp-des esp-sha-hmac
crypto map remote 10 ipsec-isakmp
crypto map remote 10 match address 101
crypto map remote 10 set peer 10.5.1.2
crypto map remote 10 set transform-set strong
crypto map remote interface outside
isakmp enable outside
isakmp key know1234 address 10.5.1.2 netmask 255.255.255.255
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption des
isakmp policy 5 hash sha
isakmp policy 5 group 1
isakmp policy 5 lifetime 86400

Site 2

access-list 101 permit ip 10.3.0.0 255.255.255.0 10.2.0.0 255.255.255.0
sysopt connection permit-ipsec
nat (inside) 0 access-list 101
crypto ipsec transform-set strong esp-des esp-sha-hmac
crypto map remote 10 ipsec-isakmp
crypto map remote 10 match address 101
crypto map remote 10 set peer 10.1.2.1
crypto map remote 10 set transform-set strong
crypto map remote interface outside
isakmp enable outside
isakmp key know1234 address 10.1.2.1 netmask 255.255.255.255
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption des
isakmp policy 5 hash sha
isakmp policy 5 group 1
isakmp policy 5 lifetime 86400

The only trick is to make sure that the ACLs used to specify interesting
traffic are a mirror of each other.

MikeN

"Bac Nguyen" wrote in message news:[EMAIL PROTECTED]...
> Hi all,
> I am trying to configure the 2 Cisco 515 PIX for site-to-site VPN and ran
> into some problem ... it is not passing the traffic for the VPN. I have
> searched the Cisco site for a sample configuration but that does not work or
> help much, or I might be looking in the wrong place.
>
> If anyone knows where I can get more information about the PIX for
> site-to-site VPN configuration, or if you have a "working" configuration
> that you don't mind sending me a copy of. Thanks.
>
> Bac




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19475&t=19457
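
The mirrored-ACL rule in the reply above can be checked mechanically before the configs are loaded. The following Python check is an added example, not part of the original post: the function names `parse` and `check_pair` are hypothetical, the sample input is constructed from the tunnel-relevant lines of the configs shown, and it assumes one crypto map entry and one ISAKMP policy per PIX. It also reports the weak algorithms the configs select (DES and Diffie-Hellman group 1).

```python
import re

# Constructed input: the tunnel-relevant lines of the Site #1 config in the post.
SITE1 = """\
access-list 101 permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
crypto ipsec transform-set strong esp-des esp-sha-hmac
crypto map remote 10 match address 101
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption des
isakmp policy 5 hash sha
isakmp policy 5 group 1
"""
# Site 2 differs only in the ACL, which swaps source and destination.
SITE2 = SITE1.replace("10.2.0.0 255.255.255.0 10.3.0.0", "10.3.0.0 255.255.255.0 10.2.0.0")

def parse(cfg):
    """Return (crypto ACL entries, transform sets, ISAKMP settings) for one PIX."""
    acl_id = re.search(r"^crypto map \S+ \d+ match address (\S+)", cfg, re.M).group(1)
    acl = set(re.findall(
        rf"^access-list {re.escape(acl_id)} permit ip (\S+ \S+) (\S+ \S+)$", cfg, re.M))
    transforms = {tuple(t.split()) for t in
                  re.findall(r"^crypto ipsec transform-set \S+ (.+)$", cfg, re.M)}
    # Assumption: one ISAKMP policy per box, as in the post.
    isakmp = dict(re.findall(r"^isakmp policy \d+ (\S+) (\S+)$", cfg, re.M))
    return acl, transforms, isakmp

def check_pair(cfg_a, cfg_b):
    """Return (mismatches that stop the tunnel, weak algorithms in use)."""
    acl_a, ts_a, ike_a = parse(cfg_a)
    acl_b, ts_b, ike_b = parse(cfg_b)
    problems, weak = [], []
    # Each side's "interesting traffic" must be the other's with src/dst swapped.
    if {(dst, src) for src, dst in acl_a} != acl_b:
        problems.append("crypto ACLs are not mirrors of each other")
    if not ts_a & ts_b:
        problems.append("no common IPsec transform set")
    for key in ("authentication", "encryption", "hash", "group"):
        if ike_a.get(key) != ike_b.get(key):
            problems.append(f"ISAKMP {key} differs")
    if "des" in (ike_a.get("encryption"), ike_b.get("encryption")) or \
            any("esp-des" in t for t in ts_a | ts_b):
        weak.append("56-bit DES")
    if "1" in (ike_a.get("group"), ike_b.get("group")):
        weak.append("768-bit DH group 1")
    return problems, weak

if __name__ == "__main__":
    print(check_pair(SITE1, SITE2))
```

An empty first list means the two sides agree; anything in the second list is an algorithm that should be replaced with a stronger option where the software image and license support one.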