Cisco Support Community

New Member

An attempt to configure PTM PIX VPN

Hi all,

I am trying to tunnel multiple PIX VPNs to one PIX. I got choked on how to configure point-to-multipoint PIX-to-PIX VPN. IPsec, sha, 3des

The problem is how can I configure PIX1 to accept IPSec tunnels from the other three. I know that the other three PIXes need to have the same config.

Drawing:

10.20.22.84
         |---------------------- Pix2 (10.2.1.1)
Pix1     |---------------------- pix 3 (10.3.1.1)
         |---------------------- Pix 4 (10.4.1.1)

Here is my confused configuration

access-list 101 permit ip 10.20.22.84 255.255.255.255 10.2.1.1 255.255.255.0

access-list 101 permit ip 10.20.22.84 255.255.255.255 10.3.1.1 255.255.255.0

access-list 101 permit ip 10.20.22.84 255.255.255.255 10.4.1.1 255.255.255.0

nat (inside) 0 access-list 101

sysopt connection permit-ipsec

Isakmp enable outside

Isakmp identity address

Isakmp Disable Ethernet1

Isakmp disable Ethernet2

Isakmp disable Ethernet3

crypto map engineering interface outside

crypto map engineering 10 match address 101

crypto map engineering 10 set peer 10.4.1.1

crypto map engineering 10 set peer 10.3.1.1

crypto map engineering 10 set peer 10.2.1.1

Isakmp policy 10 encryption 3des

Isakmp policy 10 hash sha

Isakmp policy 10 authentication pre-share

Isakmp policy 10 group 2

Isakmp policy 10 lifetime 28800

crypto ipsec transform-set Head esp-3des esp-sha-hmac

crypto map Head 10 ipsec-isakmp

match address 101

set transform-set Head

crypto ipsec security-association lifetime 3600

vpngroup vpn address-pool ippool

vpngroup vpn dns-server X.X.X.X

vpngroup vpn wins-server X.X.X.X

vpngroup vpn default-domain Next_Kins.com

vpngroup vpn idle-time 1800

vpngroup vpn password ********

vpngroup vpn split-tunnel 101

telnet timeout 5

ssh timeout 5

terminal width 80

PIX520 platform 5.1(2)

Thanks for your help.

Elias

Cisco Employee

Re: An attempt to configure PTM PIX VPN

Try setting up the config as per this document, which describes exactly the setup that you are trying.

http://www.cisco.com/warp/customer/110/pixhubspoke.html

Let us know if you run into issues after you set up like above.

Vijay.
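
As an added example (not part of either post and not taken from the linked Cisco document), this Python sketch audits the crypto map lines from the question for structural problems that keep a hub PIX from holding one tunnel per spoke. The `audit` function and its finding strings are this example's own names; the checks assume standard PIX behaviour: one crypto map per interface, several `set peer` lines in one entry act as alternates for the same traffic, and pre-shared-key authentication needs an `isakmp key` line per peer.

```python
import re
from collections import defaultdict

# Crypto map / ISAKMP lines copied from the question (stray space in "ipsec-isakmp" closed).
POSTED = """\
crypto map engineering interface outside
crypto map engineering 10 match address 101
crypto map engineering 10 set peer 10.4.1.1
crypto map engineering 10 set peer 10.3.1.1
crypto map engineering 10 set peer 10.2.1.1
Isakmp policy 10 authentication pre-share
crypto ipsec transform-set Head esp-3des esp-sha-hmac
crypto map Head 10 ipsec-isakmp
match address 101
set transform-set Head
"""

ENTRY = re.compile(r"crypto map (\S+) (\d+) (.+)", re.I)
BOUND = re.compile(r"crypto map (\S+) interface (\S+)", re.I)
KEY = re.compile(r"isakmp key \S+ address (\S+)", re.I)

def audit(config):
    # Group options per (map name, sequence number), then check each entry.
    entries, bound, keyed, last = defaultdict(list), set(), set(), None
    for line in (l.strip() for l in config.splitlines()):
        if m := BOUND.fullmatch(line):
            bound.add(m[1])
        elif m := ENTRY.fullmatch(line):
            last = (m[1], int(m[2]))
            entries[last].append(m[3].lower())
        elif m := KEY.match(line):
            keyed.add(m[1])
        elif last and re.match(r"(match|set) ", line, re.I):
            entries[last].append(line.lower())  # bare sub-line: credit the entry above
    findings = []
    for (name, seq), opts in sorted(entries.items()):
        peers = [o.split()[-1] for o in opts if o.startswith("set peer")]
        tag = f"{name} {seq}"
        if name not in bound:
            findings.append(f"{tag}: map not applied to any interface")
        if len(peers) > 1:
            findings.append(f"{tag}: {len(peers)} peers share one entry and one ACL")
        if not any(o.startswith("set transform-set") for o in opts):
            findings.append(f"{tag}: no transform-set")
        if not peers:
            findings.append(f"{tag}: no peer")
        findings += [f"{tag}: no isakmp key for peer {p}" for p in peers if p not in keyed]
    return findings
```

A hub layout that passes every check gives each spoke its own sequence number, ACL, peer and key under the single map bound to `outside`.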
