PIX config-site to site and site to client.

ntmanjunath · ‎07-15-2008

Hi,

We are using IPsec b/w site to site (Bangalore A and US B).We need to configure Bangalore PIX for VPN Connection also from Bangalore A to Cheenai C (Site to client).What would be the configuration? Whether this PIX Version 6.3(4) will support.

The site to site configuration is as follows.

crypto ipsec transform-set strong esp-des esp-sha-hmac

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map BLR 20 ipsec-isakmp

crypto map BLR 20 match address 102

crypto map BLR 20 set peer 209.10.209.56

crypto map BLR 20 set transform-set strong

crypto map BLR interface outside

isakmp enable outside

isakmp key A3L791-10BLU-2 address 209.10.209.56 netmask 255.255.255.255

isakmp identity address

isakmp nat-traversal 20

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption 3des

isakmp policy 20 hash sha

isakmp policy 20 group 1

isakmp policy 20 lifetime 86400

telnet 10.1.1.0 255.255.255.0 inside

telnet timeout 5

ssh timeout 5

console timeout 0

username xxx password xxx encrypted privilege 15

terminal width 80

Cryptochecksum:xxx

dhananjoy chowdhury · ‎07-15-2008

Hi Manjunath,

First of all I would suggest you to upgrade the IOS to atleast 7.0.

You can configure the both site 2site and client2site vpns on the same box. But be carefull when creating the crypto map for the remote vpn.

Here is an example of adding remote vpn config in the same FW with an existing site2site vpn.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml

Hope this helps.

Dhananjoy