cisco config VPN router to pix

 
 
reili@hotmail.com
      02-16-2007
I want to set up a VPN connection between a Cisco router 1760 and a
PIX 515.
Can anyone please give me a configuration suggestion that will work, I
have only experience with PIX.

 
Frank Winkler
      02-19-2007
(E-Mail Removed) wrote:

>I want to set up a VPN connection between a Cisco router 1760 and a
>PIX 515.
>Can anyone please give me a configuration suggestion that will work, I
>have only experience with PIX.


I recently did a similar setup with a 1710 and a PIX 515. You need ISAKMP
policies and crypto maps with appropriate access lists on both sides.
Depending on whether the router has a fixed or a dynamic IP address, you
have to use a dynamic map on the PIX.

On the router:

crypto isakmp policy 11
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key <key> address <PIX> no-xauth
crypto isakmp keepalive 10 5
!
!
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
!
crypto map vpn 101 ipsec-isakmp
description VPN to PIX
set peer <PIX>
set transform-set vpn
match address 101
!
interface FastEthernetX
crypto map vpn
!
access-list 101 permit ip <your LAN> <PIX LAN>


On the PIX (for a dynamic router address):

sysopt connection permit-ipsec
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
crypto dynamic-map vpn-dyn 10 set transform-set vpn
crypto map vpnmap 101 ipsec-isakmp dynamic vpn-dyn
crypto map vpnmap interface outside
isakmp enable outside
isakmp key <key> address 0.0.0.0 netmask 0.0.0.0 no-xauth no-config-mode
isakmp identity address
isakmp keepalive 10 5
isakmp nat-traversal 20
isakmp policy 4 authentication pre-share
isakmp policy 4 encryption 3des
isakmp policy 4 hash md5
isakmp policy 4 group 2
isakmp policy 4 lifetime 86400

And don't forget to include the network behind the router into the "no NAT"
ACL on the PIX.

HTH

fw
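
A consistency check for the two configurations above, added here as an example and not part of the original post: it parses the IOS block-style and PIX 6.x flat-style ISAKMP policies plus the transform sets, reports whether the peers share a phase 1 policy and a phase 2 transform set, and lists settings now considered weak. The sample configs, function names and the weak-algorithm list are assumptions of this example, and every policy parameter is assumed to be stated explicitly (no defaults).

```python
import re

# Constructed sample input: the policy and transform-set lines from the post above.
ROUTER_CFG = """crypto isakmp policy 11
encr 3des
hash md5
authentication pre-share
group 2
crypto ipsec transform-set vpn esp-3des esp-md5-hmac"""
PIX_CFG = """crypto ipsec transform-set vpn esp-3des esp-md5-hmac
isakmp policy 4 authentication pre-share
isakmp policy 4 encryption 3des
isakmp policy 4 hash md5
isakmp policy 4 group 2
isakmp policy 4 lifetime 86400"""

KEYS = {"encr": "encryption", "encryption": "encryption", "hash": "hash",
        "authentication": "authentication", "group": "group"}
# Assumption of this example: settings treated as weak by current guidance.
WEAK = {("encryption", "des"), ("encryption", "3des"), ("hash", "md5"),
        ("group", "1"), ("group", "2"), ("esp", "esp-des"),
        ("esp", "esp-3des"), ("esp", "esp-md5-hmac")}

def parse(cfg):
    """Return (phase 1 policies by number, phase 2 transform sets by name)."""
    policies, transforms, cur = {}, {}, None
    for line in map(str.strip, cfg.splitlines()):
        word = line.split(" ")[0]
        if m := re.fullmatch(r"crypto isakmp policy (\d+)", line):  # IOS block
            cur = policies.setdefault(m.group(1), {})
        elif cur is not None and word in KEYS:          # IOS policy subcommand
            cur[KEYS[word]] = line.split()[1]
        elif m := re.match(                             # PIX 6.x; lifetime skipped
                r"isakmp policy (\d+) (encryption|hash|authentication|group) (\S+)", line):
            policies.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            transforms[m.group(1)] = frozenset(m.group(2).split())
    return policies, transforms

def audit(router_cfg, pix_cfg):
    """List negotiation mismatches and weak settings across both peers."""
    (rp, rt), (pp, pt) = parse(router_cfg), parse(pix_cfg)
    out = []
    if not any(a == b for a in rp.values() for b in pp.values()):
        out.append("phase 1: no ISAKMP policy in common")
    if not set(rt.values()) & set(pt.values()):
        out.append("phase 2: no transform set in common")
    used = {kv for p in [*rp.values(), *pp.values()] for kv in p.items()}
    used |= {("esp", t) for s in [*rt.values(), *pt.values()] for t in s}
    return out + [f"weak {k}: {v}" for k, v in sorted(used & WEAK)]
```
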
 
Reili
      02-20-2007
On 19 Feb, 08:58, Frank Winkler <(E-Mail Removed)> wrote:
> (E-Mail Removed) wrote:
>
> >I want to set up a VPN connection between a Cisco router 1760 and a
> >PIX 515.
> >Can anyone please give me a configuration suggestion that will work, I
> >have only experience with PIX.
>
> I recently did a similar setup with a 1710 and a PIX 515. You need ISAKMP
> policies and crypto maps with appropriate access lists on both sides.
> Depending on whether the router has a fixed or a dynamic IP address, you
> have to use a dynamic map on the PIX.
>
> On the router:
>
> crypto isakmp policy 11
> encr 3des
> hash md5
> authentication pre-share
> group 2
> crypto isakmp key <key> address <PIX> no-xauth
> crypto isakmp keepalive 10 5
> !
> !
> crypto ipsec transform-set vpn esp-3des esp-md5-hmac
> !
> crypto map vpn 101 ipsec-isakmp
> description VPN to PIX
> set peer <PIX>
> set transform-set vpn
> match address 101
> !
> interface FastEthernetX
> crypto map vpn
> !
> access-list 101 permit ip <your LAN> <PIX LAN>
>
> On the PIX (for a dynamic router address):
>
> sysopt connection permit-ipsec
> crypto ipsec transform-set vpn esp-3des esp-md5-hmac
> crypto dynamic-map vpn-dyn 10 set transform-set vpn
> crypto map vpnmap 101 ipsec-isakmp dynamic vpn-dyn
> crypto map vpnmap interface outside
> isakmp enable outside
> isakmp key <key> address 0.0.0.0 netmask 0.0.0.0 no-xauth no-config-mode
> isakmp identity address
> isakmp keepalive 10 5
> isakmp nat-traversal 20
> isakmp policy 4 authentication pre-share
> isakmp policy 4 encryption 3des
> isakmp policy 4 hash md5
> isakmp policy 4 group 2
> isakmp policy 4 lifetime 86400
>
> And don't forget to include the network behind the router into the "no NAT"
> ACL on the PIX.
>
> HTH
>
> fw


Thanks,
I will try this over the next few days.

Reili

 