12-06-2001 11:14 AM - edited 02-20-2020 09:55 PM
Can someone help me by explaining the crypto commands in the Cisco PIX firewall, their usage, and how to configure them?
Thanks in advance
12-06-2001 03:07 PM
The crypto commands are used for IPSec configuration. Cisco has multiple documents explaining IPSec in general or specifically for PIX firewalls. The information is too much to post here. I would start with some generic IPSec reading at http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:IPSec
Specific PIX IPSec information can be found at the PIX documentation pages.
For your initial setup you might want to consider hiring an experienced and knowledgeable consultant. He/she should provide you with a workable configuration and will explain the details to you.
12-06-2001 08:42 PM
Here is a config that will let your Cisco VPN 3000 Client connect to your PIX as long as you have the DES key.
ip address outside 208.1.1.254 255.255.255.0
ip address inside 10.1.1.254 255.255.255.0
domain-name cisco.com
access-list 101 permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
ip local pool ippool 192.168.1.1-192.168.1.254
nat (inside) 0 access-list 101
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup cisco-vpn address-pool ippool
vpngroup cisco-vpn dns-server 10.1.1.1 10.1.1.3
vpngroup cisco-vpn wins-server 10.1.1.1
vpngroup cisco-vpn default-domain cisco
vpngroup cisco-vpn idle-time 1800
vpngroup cisco-vpn password cisco
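
An added example, not part of the original posts: a small Python audit that reads the crypto, isakmp and vpngroup lines of the configuration above and flags the settings a reviewer would question (single DES, MD5, and a group password derived from the group name). The weak-setting tables and the 16-character minimum are assumptions of this example, not a Cisco-defined policy.

```python
# Crypto-related lines copied from the PIX configuration posted above.
PIX_CONFIG = """\
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup cisco-vpn password cisco
"""

# Assumed audit policy for this example (not a Cisco-defined list).
WEAK_TRANSFORMS = {"esp-des": "single DES, 56-bit key",
                   "esp-md5-hmac": "HMAC-MD5 integrity",
                   "esp-null": "no encryption"}
WEAK_ISAKMP = {("encryption", "des"): "single DES, 56-bit key",
               ("hash", "md5"): "MD5 hash",
               ("group", "1"): "768-bit Diffie-Hellman group"}
MIN_PSK_LEN = 16  # assumed minimum length for a group password


def audit(config):
    """Return (line_no, rule, detail) tuples for weak IPsec/IKE settings."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if tok[:3] == ["crypto", "ipsec", "transform-set"]:
            # tok[3] is the transform-set name, the rest are transforms
            for t in tok[4:]:
                if t in WEAK_TRANSFORMS:
                    findings.append((n, "weak-transform", f"{tok[3]}: {t} ({WEAK_TRANSFORMS[t]})"))
        elif tok[:2] == ["isakmp", "policy"] and len(tok) >= 5:
            reason = WEAK_ISAKMP.get((tok[3], tok[4]))
            if reason:
                findings.append((n, "weak-isakmp", f"policy {tok[2]}: {tok[3]} {tok[4]} ({reason})"))
        elif len(tok) == 4 and tok[0] == "vpngroup" and tok[2] == "password":
            group, psk = tok[1], tok[3]
            # Never echo the secret itself into the report.
            if len(psk) < MIN_PSK_LEN or psk.lower() in group.lower():
                findings.append((n, "weak-psk", f"group {group}: password is short or derived from the group name"))
    return findings


if __name__ == "__main__":
    for line_no, rule, detail in audit(PIX_CONFIG):
        print(f"line {line_no}: [{rule}] {detail}")
```
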