Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2844
Views
20
Helpful
18
Replies

Configure VPN between CSR 100V and PIX

avacisco
Level 1
Level 1

‎03-21-2018 09:07 AM - edited ‎03-12-2019 07:24 AM

I am new to programming Cisco IOS devices.  I have a client with which I need to create a VPN from our VPC to their PIX device.  I have started a trial with the Cisco CSR 1000V virtual appliance.  I have access to it and have started to the configuration.

 

I think I have the isakmp phase 1 complete and most of phase 2. Where I am stuck is no doubt the actual complicated part...setting the acls, etc. for interesting traffic and whatever else is needed.

 

The PIX admin gave me the following peer and endpoint info (generalized here for security purposes as these are all "real" IPs):

 

Peer1 xxx.xxx.xxx.5

Target1a xxx.yyy.yyy.7

Target1b xxx.xxx.xxx.7

 

Peer2 zzz.zzz.zzz.17

Target2 zzz.zzz.zzz.7

 

I would be grateful for any help with how this information should be used to complete the S-2-S VPN configuration.  Every example I have found uses a subnet and not a real IP for filtering interesting traffic.

 

Thanks

Kirt

Labels:
0 Helpful
18 Replies 18

Francesco Molino
VIP Alumni
VIP Alumni
In response to avacisco

‎03-28-2018 07:03 AM

You can run debug crypto ipsec for example


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

avacisco
Level 1
Level 1
In response to Francesco Molino

‎03-28-2018 09:43 AM

I had been trying that and was turning debug on for ipsec and isakmp, but did not see any output.  I found the term monitor option and am looking at output now.

 

 

 

0 Helpful

avacisco
Level 1
Level 1
In response to Francesco Molino

‎03-28-2018 12:04 PM

It turned out to be an encryption mismatch.  We have a the tunnel up!

 

Thanks for all your input, Francesco!

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to avacisco

‎03-28-2018 05:26 PM

Glad that everything works. You're welcome

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents