Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

MIX UNIDIRECTIONAL AND BIDIRECTIONAL VPN

THE FF. 3 OOFICES ARE ALL USING PIX FOR VPN

A=MAIN OFFICE WITH FIX IP

B=BRANCH OOFICE WITH DYNAMIC IP

C=BRANCH OFFICE WITH FIX IP

BELOW WORKING VPN CONFIGURATIONS ARE;

B TO A = UNIDIRECTIONAL

C TO A = UNIDIRECTIONAL

GOALS:

B TO A = UNIDIRECTIONAL VPN (REMAIN)

C AND A = BIDIRECTIONAL VPN

PLEASE TELL ME WHAT ADDITIONAL CONFIG I HAVE TO DO.

THANKS A LOT.

THE FF ARE THE EXISTING CONFIGURATIONS;

POINT A CONFIGURATION

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map cisco 1 set transform-set myset

crypto map dyn-map 20 ipsec-isakmp dynamic cisco

crypto map dyn-map interface outside

isakmp enable outside

isakmp key ******** address 0.0.0.0 netmask 0.0.0.0

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 1

isakmp policy 10 lifetime 1000

POINT B CONFIGURATION

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto map newmap 10 ipsec-isakmp

crypto map newmap 10 match address 101

crypto map newmap 10 set peer POINT A_IP

crypto map newmap 10 set transform-set myset

crypto map newmap interface outside

isakmp enable outside

isakmp key ******** address POINT A_ IP netmask 255.255.255.255

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 1

isakmp policy 10 lifetime 1000

POINT C CONFIGURATION

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto map newmap 10 ipsec-isakmp

crypto map newmap 10 match address 101

crypto map newmap 10 set peer POINT A_IP

crypto map newmap 10 set transform-set myset

crypto map newmap interface outside

isakmp enable outside

isakmp key ******** address POINT A_IP netmask 255.255.255.255

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 1

isakmp policy 10 lifetime 1000

319
Views
0
Helpful
0
Replies
CreatePlease to create content