Velocity Reviews - Computer Hardware Reviews

Pix 515e -> dynamic 851w

 
 
theaberdog
04-04-2007
Greetings folks,

I am running into a tough issue (at least for me) here, allow me to
describe:

I currently have a WAN between a few PIX 515Es in data centers and a
static 851W at a remote office. I am trying to hook up another 851W,
running Version 12.4(4)T7, with a dynamic IP into this WAN. I have
targeted one of the 515Es, running Version 7.0(1), as the first point
of entry into the WAN. All the devices are in a mesh (connecting to
all the other nodes).

Anyways, I have read through and attempted to make the changes
recommended by http://www.cisco.com/warp/public/471...outer_dyn.html
which seemed perfect, alas I am still not seeing any results.
Additionally I have read through many newsgroup postings however none
seem to be on topic or correct.

So let me include some of my config based on the Cisco article and
maybe a fresh set of eyes can figure out where I am going wrong.
Understand that the PIX is working fine so there is no issue with
internet connection, natting (though maybe on this connection).

Thanks for your help!

Dave


PIX 515E Version 7.0:

access-list inside_outbound_nat0_acl extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.240

access-list outside_cryptomap_100 extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.240
access-list outside_cryptomap_100 extended permit ip 192.168.110.0 255.255.255.0 192.168.2.0 255.255.255.240

crypto dynamic-map dynmap 10 set transform-set ESP-DES-MD5
crypto map dyn-map 100 ipsec-isakmp dynamic dynmap
crypto map dyn-map interface outside

isakmp key ***** address 0.0.0.0 netmask 0.0.0.0
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 28800


851W Version 12.4:

crypto isakmp policy 1
 hash md5
 authentication pre-share
 lifetime 28800

crypto isakmp key ***** address xxx.xxx.xxx.xxx

crypto ipsec transform-set SF_Transform_Set esp-des esp-md5-hmac

crypto map SF_iC 3 ipsec-isakmp
 description Tunnel LA
 set peer xxx.xxx.xxx.xxx
 set transform-set SF_Transform_Set
 match address 102

interface FastEthernet4
 ip nat outside
 crypto map SF_iC

interface Dialer1
 ip nat outside

interface Vlan1
 no ip address
 ip nat inside

interface BVI1
 ip address 192.168.2.1 255.255.255.240
 ip nat inside

ip nat inside source route-map SF_RMAP interface Dialer1 overload

access-list 102 remark ACL to LA
access-list 102 permit ip 192.168.2.0 0.0.0.15 192.168.10.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.15 192.168.110.0 0.0.0.255

access-list 105 deny ip 192.168.2.0 0.0.0.15 192.168.10.0 0.0.0.255
access-list 105 permit ip 192.168.2.0 0.0.0.15 any

route-map SF_RMAP permit 1
 match ip address 105
 

Last edited by theaberdog; 04-05-2007 at 03:57 PM.. Reason: Since the posting will not delete or change
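
An added example (not part of the original post): a Python consistency check over the ACL lines quoted above, testing that the crypto ACLs on the two peers mirror each other and that every crypto ACL entry is also exempted from NAT. It assumes the posted excerpts are the complete ACLs, that inside_outbound_nat0_acl is the PIX NAT-exemption list, and that the deny entries of ACL 105 play that role on the 851W; the function names are made up for this example.

```python
import ipaddress
import re

# Constructed input: the ACL lines from the post, with wrapped lines joined.
PIX_CFG = """\
access-list inside_outbound_nat0_acl extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.240
access-list outside_cryptomap_100 extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.240
access-list outside_cryptomap_100 extended permit ip 192.168.110.0 255.255.255.0 192.168.2.0 255.255.255.240
"""
IOS_CFG = """\
access-list 102 permit ip 192.168.2.0 0.0.0.15 192.168.10.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.15 192.168.110.0 0.0.0.255
access-list 105 deny ip 192.168.2.0 0.0.0.15 192.168.10.0 0.0.0.255
access-list 105 permit ip 192.168.2.0 0.0.0.15 any
"""

LINE = re.compile(r"^access-list (\S+) (?:extended )?(permit|deny) ip "
                  r"(\S+) (\S+) (\S+) (\S+)$")

def pairs(cfg, acl, action):
    """{(src, dst)} networks for `action` entries of `acl`. ipaddress accepts
    both netmask (PIX) and wildcard (IOS) notation; 'any' lines are skipped."""
    out = set()
    for m in map(LINE.match, map(str.strip, cfg.splitlines())):
        if m and m.group(1) == acl and m.group(2) == action:
            out.add(tuple(ipaddress.ip_network(f"{m.group(i)}/{m.group(i + 1)}")
                          for i in (3, 5)))
    return out

def mirrored(a, b):
    """Crypto ACLs on the two peers must be exact mirror images."""
    return a == {(dst, src) for src, dst in b}

def not_exempt(crypto, exempt):
    """Crypto ACL entries that no NAT-exemption entry covers."""
    return sorted(f"{s} -> {d}" for s, d in crypto if not any(
        s.subnet_of(es) and d.subnet_of(ed) for es, ed in exempt))

def audit():
    pix = pairs(PIX_CFG, "outside_cryptomap_100", "permit")
    ios = pairs(IOS_CFG, "102", "permit")
    nat0 = pairs(PIX_CFG, "inside_outbound_nat0_acl", "permit")
    acl105 = pairs(IOS_CFG, "105", "deny")
    return {"mirrored": mirrored(pix, ios),
            "pix_not_exempt": not_exempt(pix, nat0),
            "ios_not_exempt": not_exempt(ios, acl105)}

if __name__ == "__main__":
    print(audit())
```

A pair reported as not exempt is translated by the NAT/PAT rule before the crypto ACL is evaluated, so that traffic would not match the tunnel's interesting-traffic definition.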