PIX 520 to PIX 520 IPSEC TUNNEL IOS 6.3(4)

ciscomoon (Level 1)

We have two cisco PIX 520 16M FLASH IOS 6.3(4) on both and 2 FE interfaces on each firewall. (Identical PIXes)

The first PIX config is:

nameif ethernet0 outside security0
nameif ethernet1 inside security100
......
access-list 101 permit ip 192.168.XXX.0 255.255.255.0 192.168.AAA.0 255.255.255.0
access-list 102 permit ip 192.168.XXX.0 255.255.255.0 192.168.AAA.0 255.255.255.0
..........
nat (inside) 0 access-list 101
..........
crypto ipsec transform-set SecuritySet esp-des esp-sha-hmac
crypto map rtpmap 1 ipsec-isakmp
crypto map rtpmap 1 match address 102
crypto map rtpmap 1 set peer AAA.AAA.AAA.AAA
crypto map rtpmap 1 set transform-set SecuritySet
crypto map rtpmap 1 set security-association lifetime seconds 3600 kilobytes 4608000
crypto map rtpmap interface outside
isakmp enable outside
isakmp key ******** address AAA.AAA.AAA.AAA netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400

And the second PIX config is:

nameif ethernet0 outside security0
nameif ethernet1 inside security100
......
access-list 101 permit ip 192.168.AAA.0 255.255.255.0 192.168.XXX.0 255.255.255.0
access-list 102 permit ip 192.168.AAA.0 255.255.255.0 192.168.XXX.0 255.255.255.0
..........
nat (inside) 0 access-list 101
..........
crypto ipsec transform-set SecuritySet esp-des esp-sha-hmac
crypto map rtpmap 1 ipsec-isakmp
crypto map rtpmap 1 match address 102
crypto map rtpmap 1 set peer XXX.XXX.XXX.XXX
crypto map rtpmap 1 set transform-set SecuritySet
crypto map rtpmap 1 set security-association lifetime seconds 3600 kilobytes 4608000
crypto map rtpmap interface outside
isakmp enable outside
isakmp key ******** address XXX.XXX.XXX.XXX netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400

We have turned logging on and enabled debugging for IPSEC and ISAKMP, but there seem to be no connection attempts between the two PIXes; neither PIX is trying to initiate a connection to the other.

Please Help!
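Added example, not from the post or the reply: a small Python checker that parses the two PIX 6.3 configs above and reports the mismatches that silently stop a site-to-site tunnel (peer and isakmp key addresses, mirrored crypto ACLs, nat 0 coverage, transform-set and ISAKMP policy agreement). It assumes each PIX's outside address is the one the other side names as its peer, since the post does not show the interface addresses; note that on this platform a crypto map only starts ISAKMP when inside traffic matches the crypto ACL, so identical, error-free configs still show nothing in the debugs until a host on one LAN actually sends traffic to the other.

```python
# Constructed excerpt of the first PIX config in the post (placeholder addresses kept); the
# second PIX is derived by swapping XXX and AAA, exactly as the post shows it.
# ASSUMPTION: each PIX's outside address is the address the other side names as its peer.
PIX_A = """
access-list 101 permit ip 192.168.XXX.0 255.255.255.0 192.168.AAA.0 255.255.255.0
access-list 102 permit ip 192.168.XXX.0 255.255.255.0 192.168.AAA.0 255.255.255.0
nat (inside) 0 access-list 101
crypto ipsec transform-set SecuritySet esp-des esp-sha-hmac
crypto map rtpmap 1 match address 102
crypto map rtpmap 1 set peer AAA.AAA.AAA.AAA
crypto map rtpmap 1 set transform-set SecuritySet
isakmp key ******** address AAA.AAA.AAA.AAA netmask 255.255.255.255
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 2
"""
PIX_B = PIX_A.replace("XXX", "@@@").replace("AAA", "XXX").replace("@@@", "AAA")

def parse(cfg):
    # Hypothetical helper: pull the tunnel-relevant settings out of a PIX 6.x config.
    c = {"acl": {}, "shared": set(), "key_addrs": set(), "nat0": None, "match": None, "peer": None}
    for line in cfg.splitlines():
        w = line.split()
        if line.startswith("access-list") and w[2:4] == ["permit", "ip"]:
            c["acl"].setdefault(w[1], []).append(tuple(w[4:8]))  # (src, smask, dst, dmask)
        elif line.startswith("nat (inside) 0 access-list"):
            c["nat0"] = w[4]
        elif line.startswith("crypto map") and len(w) > 6:  # match address / set peer / set ...
            c[w[5] if w[4] == "set" else "match"] = w[6]
        elif line.startswith("isakmp key"):
            c["key_addrs"].add(w[4])
        elif line.startswith(("isakmp policy", "crypto ipsec transform-set")):
            c["shared"].add(line)  # parameters both ends must agree on, compared verbatim
    return c

def check_pair(a, a_outside, b, b_outside):
    # Return mismatches between the two ends; an empty list means they agree.
    out = []
    for me, peer_out in ((a, b_outside), (b, a_outside)):
        if me["peer"] != peer_out:
            out.append(f"set peer {me['peer']} is not the other side's outside {peer_out}")
        if me["peer"] not in me["key_addrs"]:
            out.append(f"no isakmp key for peer {me['peer']}")
        crypto = me["acl"].get(me["match"], [])
        if set(crypto) - set(me["acl"].get(me["nat0"], [])):  # nat 0 must cover the crypto ACL
            out.append("crypto ACL traffic is not exempted from NAT with nat (inside) 0")
    mirrored = sorted((d, dm, s, sm) for s, sm, d, dm in a["acl"].get(a["match"], []))
    if mirrored != sorted(b["acl"].get(b["match"], [])):
        out.append("crypto ACLs are not mirror images of each other")
    if a["shared"] != b["shared"]:
        out.append("transform-set or isakmp policy parameters differ")
    return out
```

Run against the two configs as posted the checker returns an empty list; the tunnel then depends only on interesting traffic arriving on the inside interface.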

1 Reply

jmia (Level 7)

Please see my reply under - Security | Firewalling section.

Jay