VPN configuration clean-up (2 remote offices -> central HUB)

Discussion in 'Cisco' started by Richard J. Collins Ohio, Sep 13, 2004.

  1. Hello,

    I need to clean up this configuration, but I ran into trouble.

    Can I wipe the "access-list hugecity"?

    Are my crypto maps OK? I know the first one is working, but what about the second?

    Is it possible to split the big access-list into two parts? If I do,
    do I have to modify the "nat (inside) 0" command? To what?

    Many thanks for your help.

    Richard J. Collins


    PS: before getting into the VPN, the remote LANs are NATed.

    Here is the central HUB config.

    Cheers


    # sh conf

    PIX Version 6.3(3)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password xxxxxxxxxxxxxxxxx encrypted
    passwd xxxxxxxxxxxxxxxxx encrypted
    hostname pixfw
    domain-name mynet.net

    [fixup]

    names
    access-list ACL_FOR_VPN permit ip host 10.7.44.99 host 10.89.240.211
    access-list ACL_FOR_VPN permit ip host 10.7.44.99 host 10.89.240.223
    access-list hugecity permit ip host 10.7.44.99 host 10.89.240.211
    access-list hugecity permit ip host 10.7.44.99 host 10.89.240.223
    no pager

    [logging]

    [icmp]

    [mtu]

    ip address outside 91.39.98.77 255.255.255.248
    ip address inside 10.10.191.2 255.255.255.128
    ip audit info action alarm
    ip audit attack action alarm
    no failover
    failover timeout 0:00:00
    failover poll 15
    no failover ip address outside
    no failover ip address inside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    nat (inside) 0 access-list hugecity
    route outside 0.0.0.0 0.0.0.0 57.66.64.9 1
    route inside 10.7.44.99 255.255.255.255 10.10.191.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    no snmp-server location
    no snmp-server contact
    snmp-server community yx4hxjfz
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    crypto ipsec transform-set strong-aes-md5 esp-aes esp-md5-hmac
    crypto map crypto-map-std 10 ipsec-isakmp
    crypto map crypto-map-std 10 match address hugecity
    crypto map crypto-map-std 10 set peer 195.65.11.36
    crypto map crypto-map-std 10 set transform-set strong-aes-md5
    crypto map crypto-map-std 20 ipsec-isakmp
    crypto map crypto-map-std 20 match address hugecity
    crypto map crypto-map-std 20 set peer 88.217.6.111
    crypto map crypto-map-std 20 set transform-set strong-aes-md5
    crypto map crypto-map-std interface outside
    isakmp enable outside
    isakmp key ******** address 195.65.11.36 netmask 255.255.255.252
    isakmp key ******** address 88.217.6.111 netmask 255.255.255.252
    isakmp identity address
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption aes
    isakmp policy 10 hash md5
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400
    telnet timeout 5

    [ssh]

    ssh timeout 60
    console timeout 0
    terminal width 80

    Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxxx
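The questions in the post turn on how the PIX selects a crypto map entry: the entries of one map are tried in ascending sequence order and the first entry whose match ACL covers the packet decides the peer, so two entries that both point at hugecity leave entry 20 unreachable, while nat 0 is free to keep pointing at a single ACL that lists every VPN destination. The script below is an added example, not part of the original post and not Cisco code: it parses a constructed excerpt of the posted dump, lists ACLs that nothing references, flags crypto map entries shadowed by a lower-numbered one, and prints a split plan. ASSUMED_HOST_TO_PEER (which remote host sits behind which peer) and the generated ACL names are assumptions, since the post does not say.

```python
"""Lint the access-list / crypto map / nat 0 wiring in a PIX 6.3 'sh conf' dump.

Added example for the thread above; not Cisco code and not the poster's.
Only 'permit ip host A host B' entries are understood, which is all the dump uses.
"""
import re
from collections import defaultdict

# Constructed excerpt of the HUB config posted above (only the lines this check needs).
CONFIG = """\
access-list ACL_FOR_VPN permit ip host 10.7.44.99 host 10.89.240.211
access-list ACL_FOR_VPN permit ip host 10.7.44.99 host 10.89.240.223
access-list hugecity permit ip host 10.7.44.99 host 10.89.240.211
access-list hugecity permit ip host 10.7.44.99 host 10.89.240.223
nat (inside) 0 access-list hugecity
crypto map crypto-map-std 10 ipsec-isakmp
crypto map crypto-map-std 10 match address hugecity
crypto map crypto-map-std 10 set peer 195.65.11.36
crypto map crypto-map-std 10 set transform-set strong-aes-md5
crypto map crypto-map-std 20 ipsec-isakmp
crypto map crypto-map-std 20 match address hugecity
crypto map crypto-map-std 20 set peer 88.217.6.111
crypto map crypto-map-std 20 set transform-set strong-aes-md5
"""

# ASSUMPTION: the post does not say which remote host sits behind which peer.
ASSUMED_HOST_TO_PEER = {
    "10.89.240.211": "195.65.11.36",
    "10.89.240.223": "88.217.6.111",
}

ACL_RE = re.compile(r"^access-list (\S+) permit ip host (\S+) host (\S+)$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")
MAP_RE = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer) (\S+)$")


def parse(config):
    """Return (acls, nat0, maps): ACL name -> [(src, dst)], interface -> nat 0 ACL,
    (map name, seq) -> {'acl': ..., 'peer': ...}."""
    acls, nat0, maps = defaultdict(list), {}, defaultdict(dict)
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            acls[m[1]].append((m[2], m[3]))
        elif m := NAT0_RE.match(line):
            nat0[m[1]] = m[2]
        elif m := MAP_RE.match(line):
            field = "acl" if m[3] == "match address" else "peer"
            maps[(m[1], int(m[2]))][field] = m[4]
    return acls, nat0, maps


def orphan_acls(acls, nat0, maps):
    """ACLs that neither nat 0 nor any crypto map entry references (safe to delete)."""
    used = set(nat0.values()) | {e.get("acl") for e in maps.values()}
    return sorted(name for name in acls if name not in used)


def shadowed_entries(acls, maps):
    """Crypto map entries are tried in ascending sequence order and the first
    match wins; an entry whose flows are all covered by lower sequences never
    gets to choose its peer."""
    seen, shadowed = set(), []
    for key in sorted(maps):
        flows = set(acls.get(maps[key].get("acl"), []))
        if flows and flows <= seen:
            shadowed.append(key)
        seen |= flows
    return shadowed


def split_plan(acls, nat0_acl, host_to_peer, map_name="crypto-map-std"):
    """Emit one ACL and one crypto map entry per peer, derived from the flows in
    the nat 0 ACL, which stays as the union so nat 0 itself need not change."""
    by_peer = defaultdict(list)
    for src, dst in acls[nat0_acl]:
        by_peer[host_to_peer[dst]].append((src, dst))   # KeyError: host with no peer
    lines = []
    for i, (peer, flows) in enumerate(sorted(by_peer.items()), start=1):
        acl = "vpn_" + peer.replace(".", "_")            # invented naming scheme
        for src, dst in flows:
            lines.append(f"access-list {acl} permit ip host {src} host {dst}")
        lines.append(f"crypto map {map_name} {10 * i} match address {acl}")
        lines.append(f"crypto map {map_name} {10 * i} set peer {peer}")
    lines.append(f"nat (inside) 0 access-list {nat0_acl}")
    return lines


if __name__ == "__main__":
    acls, nat0, maps = parse(CONFIG)
    print("unreferenced ACLs:", orphan_acls(acls, nat0, maps))
    print("shadowed crypto map entries:", shadowed_entries(acls, maps))
    print("\n".join(split_plan(acls, nat0["inside"], ASSUMED_HOST_TO_PEER)))
```

Run against the excerpt, the checker reports ACL_FOR_VPN as the ACL nothing in the dump references (hugecity is the one nat 0 and both crypto map entries use), flags entry 20 as shadowed by entry 10, and prints one ACL plus one match address / set peer pair per peer with nat 0 left on the union ACL. Separately from the clean-up, esp-md5-hmac, isakmp hash md5 and DH group 2 are the weakest choices available on this platform; PIX 6.3 also accepts esp-sha-hmac in a transform set and hash sha in an isakmp policy.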
