Cisco Support Community
Community Member

crypto in Cisco Pix

Can someone help me by explaining the crypto commands in the Cisco PIX firewall, their usage, and how to configure them?

Thanks in Advance

2 REPLIES
Community Member

Re: crypto in Cisco Pix

The crypto commands are used for IPSec configuration. Cisco has multiple documents explaining IPSec in general or specifically for PIX firewalls. There is too much information to post here. I would start with some generic IPSec reading at http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:IPSec

Specific PIX IPsec information can be found at the PIX documentation pages.

For your initial setup you might want to consider hiring an experienced and knowledgeable consultant. He/she should provide you with a workable configuration and will explain the details to you.

Community Member

Re: crypto in Cisco Pix

Here is a config that will let your Cisco VPN 3000 Client connect to your PIX as long as you have the DES key.

ip address outside 208.1.1.254 255.255.255.0

ip address inside 10.1.1.254 255.255.255.0

domain-name cisco.com

access-list 101 permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0

ip local pool ippool 192.168.1.1-192.168.1.254

nat (inside) 0 access-list 101

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap interface outside

isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup cisco-vpn address-pool ippool

vpngroup cisco-vpn dns-server 10.1.1.1 10.1.1.3

vpngroup cisco-vpn wins-server 10.1.1.1

vpngroup cisco-vpn default-domain cisco

vpngroup cisco-vpn idle-time 1800

vpngroup cisco-vpn password cisco
