-------Config PIX A---------
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list inside_access_in permit ip 172.22.57.0 255.255.255.0 any
access-list inside_outbound_nat0_acl permit ip 172.22.57.0 255.255.255.0 172.22.56.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 172.22.57.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 172.22.57.0 255.255.255.0 10.10.30.0 255.255.255.0
access-list outside_cryptomap_220 permit ip 172.22.57.0 255.255.255.0 172.22.56.0 255.255.255.0
access-list outside_cryptomap_220 permit ip 172.22.57.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list outside_cryptomap_220 permit ip 172.22.57.0 255.255.255.0 10.10.30.0 255.255.255.0
ip address outside xx.xx.xx.xx 255.255.255.240
ip address inside 172.22.57.254 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx 1
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 220 ipsec-isakmp
crypto map outside_map 220 match address outside_cryptomap_220
crypto map outside_map 220 set peer xx.xx.xx.xx
crypto map outside_map 220 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address xx.xx.xx.xx netmask 255.255.255.255 no-xauth no-config-mode
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption 3des
isakmp policy 40 hash sha
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400

-------Config PIX B---------
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security50
access-list inside_access_in permit ip 172.22.56.0 255.255.255.0 any
access-list inside_access_in permit ip 172.22.56.0 255.255.255.0 any
access-list iDMZ_access_in permit ip 10.10.10.0 255.255.255.0 any
access-list inside_outbound_nat0_acl permit ip 172.22.56.0 255.255.255.0 172.22.57.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 10.10.30.0 255.255.255.0 172.22.57.0 255.255.255.0
access-list DMZ_outbound_nat0_acl permit ip 10.10.10.0 255.255.255.0 172.22.57.0
access-list outside_cryptomap_300 permit ip 172.22.56.0 255.255.255.0 172.22.57.0 255.255.255.0
access-list outside_cryptomap_300 permit ip 10.10.10.0 255.255.255.0 172.22.57.0 255.255.255.0
access-list outside_cryptomap_300 permit ip 10.10.30.0 255.255.255.0 172.22.57.0 255.255.255.0
ip address outside xx.xx.xx.xx 255.255.255.240
ip address inside 172.22.56.8 255.255.255.0
ip address DMZ 10.10.10.254 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 Lan-Ibm 255.255.255.0 0 0
nat (inside) 1 Lan 255.255.255.0 0 0
nat (DMZ) 0 access-list DMZ_outbound_nat0_acl
nat (DMZ) 1 10.10.10.0 255.255.255.0 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx 1
route inside 10.10.30.0 255.255.255.0 172.22.56.1 1
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
sysopt connection permit-ipsec
crypto map outside_map 300 ipsec-isakmp
crypto map outside_map 300 match address outside_cryptomap_300
crypto map outside_map 300 set peer xx.xx.xx.xx
crypto map outside_map 300 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address xx.xx.xx.xx netmask 255.255.255.255 no-xauth no-config-mode
isakmp nat-traversal 20
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption 3des
isakmp policy 40 hash md5
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
isakmp policy 60 authentication pre-share
isakmp policy 60 encryption 3des
isakmp policy 60 hash sha
isakmp policy 60 group 2
isakmp policy 60 lifetime 86400

------- Config Router B----------
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 description Reseaux Data
 encapsulation dot1Q 1 native
 ip address 172.22.56.1 255.255.255.0
!
interface FastEthernet0/0.2
 description Reseaux Toip
 encapsulation dot1Q 2
 ip address 192.168.56.1 255.255.255.0
!
interface FastEthernet0/1
 description Lan
 ip address 10.10.30.254 255.255.255.0
 duplex auto
 speed auto
!
ip route 0.0.0.0 0.0.0.0 172.22.56.8
!
!
end