Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

crypto in Cisco Pix

Can some one help me in explaining about the crypto commands in the cisco pix firewall and their usage and how to to configure.

Thanks in Advance

Community Member

Re: crypto in Cisco Pix

the crypto commands are used for IPSec configuration. Cisco has multiple documents explaining IPSec in general or specific for PIX firewalls. The information is too much to post here. I would start with some generic IPSec reading at

Specific PIX IPsec information can be found at the PIX documentation pages.

For your initial setup you might want to consider to hire a experienced and knowledgable consultant. He/she should provide you with a workable configuration and will explain the details to you.

Community Member

Re: crypto in Cisco Pix

Here is a config that will let your Cisco VPN 3000 Client connect to your PIX as long as you have the DES key.

ip address outside

ip address inside


access-list 101 permit ip

ip local pool ippool

nat (inside) 0 access-list 101

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap interface outside

isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup cisco-vpn address-pool ippool

vpngroup cisco-vpn dns-server

vpngroup cisco-vpn wins-server

vpngroup cisco-vpn default-domain cisco

vpngroup cisco-vpn idle-time 1800

vpngroup cisco-vpn password cisco

CreatePlease to create content