Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
335
Views
0
Helpful
2
Replies

Need Site to Site example with both sides hiding ip's

Patrick.Beaven
Level 1
Level 1

‎09-05-2007 12:54 PM

Does anyone have a few examples of site to site vpns setup where you need to hide the private ip subnets on both sites. I cant find any good examples using static nat statement etc.

Thanks,

Labels:
0 Helpful
2 Replies 2

jvanwa1
Level 1
Level 1

‎09-09-2007 05:36 PM

Pat,

Here is what I have on my PIX 6.3 going to a customer's Checkpoint. Right now I am the only one able to start up the IPSec VPN tunnel; don't know if I need to change something or they do, so they can initiate the tunnel.

static (inside,outside) 64.233.169.99 192.168.111.1 netmask 255.255.255.255 0 0

access-list onion permit ip host 64.233.169.99 host 71.18.55.123

access-list onion permit ip host 64.233.169.99 host 71.18.55.127

crypto ipsec transform-set cheese esp-3des esp-sha-hmac

crypto map hotdog 30 ipsec-isakmp

crypto map hotdog 30 match address onion

crypto map hotdog 30 set peer 71.18.55.4

crypto map hotdog 30 set transform-set cheese

crypto map hotdog interface outside

isakmp key ********** address 71.18.55.4 netmask 255.255.255.255 no-xauth no-config-mode

isakmp identity address

isakmp keepalive 10

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

0 Helpful

Patrick.Beaven
Level 1
Level 1
In response to jvanwa1

‎09-11-2007 10:11 AM

This is very Close to what i ended up doinng!

Thanks,

Pat

0 Helpful
Customers Also Viewed These Support Documents