from pix to router

Sep 20th, 2007

Hi all,

I have one PIX 515E on which we have configured a site-to-site VPN with our partner. Now we want to move the VPN to an 1841 router. I would like to know if anyone can guide me or help me in converting the VPN configuration on the PIX 515E to the 1841 router so that I can set it up.

The PIX 515E VPN configuration is as follows:


access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 172.16.7.5
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 172.16.8.15
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 192.168.108.122
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 192.168.108.61
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 172.16.5.56
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 172.18.13.25
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 172.16.5.93
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 172.16.5.100
access-list xyzcompany permit ip host 10.60.72.201 host 172.16.5.56
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 172.19.5.32
!
sysopt connection permit-ipsec
crypto ipsec transform-set xyzcompany esp-3des esp-md5-hmac
crypto map transam 20 ipsec-isakmp
crypto map transam 20 match address xyzcompany
crypto map transam 20 set peer 1.170.2.85
crypto map transam 20 set transform-set xyzcompany
crypto map transam 20 set security-association lifetime seconds 3600 kilobytes 4608000
crypto map transam interface outside
isakmp enable outside
isakmp key 1234xcv address 1.170.2.85 netmask 255.255.255.255
isakmp identity address
isakmp keepalive 10 30
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400


ajagadee (Cisco Employee) Thu, 09/20/2007 - 20:21

Hi,


Here you go..



crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2

crypto ipsec transform-set xyzcompany esp-3des esp-md5-hmac

crypto isakmp key 1234xcv address 1.170.2.85 no-xauth

crypto map transam 20 ipsec-isakmp
 set peer 1.170.2.85
 set transform-set xyzcompany
 match address xyzcompany

ip access-list extended xyzcompany
 permit ip 10.60.72.128 0.0.0.127 host 172.16.7.5
 permit ip 10.60.72.128 0.0.0.127 host 172.16.8.15
 permit ip 10.60.72.128 0.0.0.127 host 192.168.108.122
 permit ip 10.60.72.128 0.0.0.127 host 192.168.108.61
 permit ip 10.60.72.128 0.0.0.127 host 172.16.5.56
 permit ip 10.60.72.128 0.0.0.127 host 172.18.13.25
 permit ip 10.60.72.128 0.0.0.127 host 172.16.5.93
 permit ip 10.60.72.128 0.0.0.127 host 172.16.5.100
 permit ip host 10.60.72.201 host 172.16.5.56
 permit ip 10.60.72.128 0.0.0.127 host 172.19.5.32

interface GigabitEthernet0/0
 ip address 1.1.1.1 255.255.255.0
 duplex auto
 speed auto
 crypto map transam
end


I hope it helps.


Regards

Arul
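
The translation shown in the reply above (PIX netmasks become IOS wildcard masks, flat "isakmp policy" lines become a policy stanza) can be scripted for long crypto ACLs. This is an added example, not part of the original thread or any Cisco tool; the function names, the placeholder key and the 192.0.2.1 peer are assumptions, and it covers only "access-list ... ip", "isakmp policy" and "isakmp key" lines, reporting everything else (and DES/3DES/MD5 settings) for manual review.

```python
import ipaddress

# Constructed sample in the style of the PIX lines above (placeholder key and peer).
PIX_SAMPLE = """\
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 172.16.7.5
access-list xyzcompany permit ip host 10.60.72.201 host 172.16.5.56
isakmp key EXAMPLE-KEY address 192.0.2.1 netmask 255.255.255.255
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
sysopt connection permit-ipsec
"""
LEGACY = {"des", "3des", "md5"}  # algorithms flagged for review during the migration

def wildcard(mask):
    """Invert a dotted netmask: 255.255.255.128 -> 0.0.0.127."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF))

def convert_addrs(tokens):
    """'any' and 'host X' pass through; 'network netmask' becomes 'network wildcard'."""
    out, it = [], iter(tokens)
    for tok in it:
        if tok == "any":
            out.append(tok)
        elif tok == "host":
            out += [tok, next(it)]
        else:
            out += [tok, wildcard(next(it))]
    return " ".join(out)

def pix_to_ios(pix_text):
    """Return (ios_lines, review_notes) for the subset of PIX syntax handled here."""
    acls, policies, keys, notes = {}, {}, [], []
    for line in pix_text.splitlines():
        t = line.split()
        if len(t) > 4 and t[0] == "access-list" and t[3] == "ip":
            acls.setdefault(t[1], []).append(f" {t[2]} ip {convert_addrs(t[4:])}")
        elif len(t) > 3 and t[:2] == ["isakmp", "policy"]:
            policies.setdefault(t[2], []).append(" " + " ".join(t[3:]))
            if t[-1] in LEGACY:
                notes.append(f"policy {t[2]}: legacy algorithm {t[-1]}")
        elif len(t) > 4 and t[:2] == ["isakmp", "key"] and t[3] == "address":
            keys.append(" ".join(["crypto isakmp key", t[2], "address", t[4]] + t[6:7]))
        elif t and t[0] != "!":
            notes.append("not converted: " + line)
    ios = [l for n, b in policies.items() for l in [f"crypto isakmp policy {n}"] + b]
    ios += keys
    ios += [l for n, a in acls.items() for l in [f"ip access-list extended {n}"] + a]
    return ios, notes
```

Calling pix_to_ios(PIX_SAMPLE) returns the IOS lines and the review notes as two lists; the crypto map and interface stanzas still have to be written by hand as in the reply.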

