Site-site VPN tunnel between Cisco PIX 515E version 7.0(4) and NetScreen.

Discussion in 'Cisco' started by Dil, Dec 13, 2007.

  1. Dil


    Not able to establish the site-site VPN tunnel between Cisco PIX 515E version 7.0(4) and NetScreen.

    Please cross-check the conf and let me know if I'm wrong somewhere in this conf.

    : Saved
    : Written by enable_15 at 02:13:29.901 UTC Thu Dec 13 2007
    PIX Version 7.0(4)
    hostname cisco
    enable password 9jNfZuG3TC5tCVH0 encrypted
    interface Ethernet0
    nameif outside
    security-level 0
    ip address 10.x.x.80
    interface Ethernet1
    speed 100
    duplex full
    nameif inside
    security-level 100
    ip address
    interface Ethernet2
    speed 100
    duplex full
    nameif DMZ
    security-level 50
    no ip address
    passwd 9jNfZuG3TC5tCVH0 encrypted
    boot system flash:/image.bin
    ftp mode passive
    dns domain-lookup outside
    access-list nonat extended permit ip
    access-list 103 extended permit ip
    pager lines 24
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu DMZ 1500
    ERROR: Command requires failover license
    ERROR: Command requires failover license
    icmp permit any outside
    icmp permit any inside
    arp timeout 14400
    global (outside) 1 interface
    global (outside) 2 10.x.x.81 netmask
    nat (inside) 2 access-list 103
    nat (inside) 1
    route outside 10.x.x.77 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    http server enable
    http inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set firstset esp-3des esp-md5-hmac
    crypto map arsinmap 10 match address 103
    crypto map arsinmap 10 set peer 13.y.y.8
    crypto map arsinmap 10 set transform-set firstset
    crypto map arsinmap interface outside
    isakmp enable outside
    isakmp policy 1 authentication pre-share
    isakmp policy 1 encryption 3des
    isakmp policy 1 hash md5
    isakmp policy 1 group 2
    isakmp policy 1 lifetime 86400
    tunnel-group 13.y.y.8 type ipsec-l2l
    tunnel-group 13.y.y.8 ipsec-attributes
    pre-shared-key cisco123
    telnet inside
    telnet timeout 5
    ssh timeout 5
    ssh version 1
    console timeout 0
    dhcpd lease 3600
    dhcpd ping_timeout 50
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
    inspect dns maximum-length 512
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect http
    service-policy global_policy global
    : end
    Thanks in advance.
    Dil, Dec 13, 2007
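
The cross-check the post asks for can be partly mechanized. The following Python is an added example, not part of the original post: it extracts the IKE Phase 1 and IPsec Phase 2 values that the NetScreen side's proposals have to match, and flags local inconsistencies around the crypto ACL. The function names and the choice of checks are assumptions of this example; the sample input is a constructed excerpt of the posted config.

```python
import re

# Constructed input: tunnel-related lines copied from the posted config
# (elided addresses left exactly as posted).
SAMPLE = """\
access-list nonat extended permit ip
access-list 103 extended permit ip
nat (inside) 2 access-list 103
nat (inside) 1
crypto ipsec transform-set firstset esp-3des esp-md5-hmac
crypto map arsinmap 10 match address 103
crypto map arsinmap 10 set peer 13.y.y.8
crypto map arsinmap 10 set transform-set firstset
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
tunnel-group 13.y.y.8 type ipsec-l2l
"""

def parse(cfg):
    """Collect the Phase 1/Phase 2 values the remote peer has to match."""
    grab = lambda pat: re.findall(pat, cfg, re.M)
    return {
        "phase1": dict(grab(r"^\s*isakmp policy \d+ (\S+) (\S+)")),
        "phase2": dict(grab(r"^\s*crypto ipsec transform-set (\S+) (.+)$")),
        "peers": grab(r"^\s*crypto map \S+ \d+ set peer (\S+)"),
        "crypto_acls": grab(r"^\s*crypto map \S+ \d+ match address (\S+)"),
        "l2l_groups": grab(r"^\s*tunnel-group (\S+) type ipsec-l2l"),
        "nat_acls": dict(grab(r"^\s*nat \(\S+\) (\d+) access-list (\S+)")),
        "acls": set(grab(r"^\s*access-list (\S+) ")),
    }

def findings(cfg):
    """Local consistency checks; each finding is something to verify by hand."""
    p, out = parse(cfg), []
    for peer in p["peers"]:
        if peer not in p["l2l_groups"]:
            out.append(f"peer {peer} has no ipsec-l2l tunnel-group")
    used = set(p["nat_acls"].values())
    for acl in p["crypto_acls"]:
        if acl not in p["acls"]:
            out.append(f"crypto ACL {acl} is not defined")
        # PIX applies NAT before the crypto ACL is evaluated, so overlap needs review.
        if acl in used - {p["nat_acls"].get("0")}:
            out.append(f"ACL {acl} selects tunnel traffic and is also used for NAT")
    for acl in sorted(p["acls"] - used - set(p["crypto_acls"])):
        out.append(f"ACL {acl} is defined but not referenced by nat or crypto map")
    return out
```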