Cisco Support Community

New Member

Pix 501 VPN

I have 2 sites with brand new PIX 501s. Both sites have static IP addresses and the sites also reside on different internal IP schemes. I am trying to create a VPN between the 2 sites. I have tried using the VPN Wizard in the PDM (3.0), as well as manually creating the configuration by entering in commands. I have been unsuccessful so far with either way. I would rather use the PDM if possible, but I am willing to use the commands.

Can somebody help me please?

Thanks!

3 REPLIES
Gold

Re: Pix 501 VPN

Jeff,

What I would suggest is for you to start afresh, issue in config mode on your PIX: configure factory-default

This will reset the PIX to its factory default. Now, if you're not using the PIX as a DHCP server, then remove DHCP by issuing (again in config mode): clear dhcpd

Save with: write mem. Now change your inside and outside interface IPs as appropriate, and also make sure to add the route outside command pointing to your internet-facing router.

i.e. route outside 0.0.0.0 0.0.0.0

Here's a good document to get you going:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml

Hope this helps and let me know how you get on.

Jay

New Member

Re: Pix 501 VPN

Jay,

Thanks for your help! I used the document you suggested to correct a couple configuration errors.

Jeff

Gold

Re: Pix 501 VPN

Just wondering if the tunnel is up and running now.

Below is the sample code for configuring a LAN-LAN VPN on a PIX:

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list 121 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

ip address outside 1.1.1.1 255.255.255.0

ip address inside 192.168.1.1 255.255.255.0

global (outside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map myvpn 10 ipsec-isakmp

crypto map myvpn 10 match address 121

crypto map myvpn 10 set peer 1.1.1.2

crypto map myvpn 10 set transform-set myset

crypto map myvpn interface outside

isakmp enable outside

isakmp key cisco123 address 1.1.1.2 netmask 255.255.255.255 no-xauth no-config-mode

isakmp identity address

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400
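The sample above covers one end of the tunnel; the other PIX needs the same key, ISAKMP policy and transform set, a peer address pointing back at this unit, and a crypto access-list that is the mirror image. The following is an added example, not part of the original post or any Cisco tool: a Python check that compares the tunnel-relevant lines of both ends. Site B's addressing (outside 1.1.1.2, inside 192.168.2.0/24) is assumed from the sample's peer and access-list lines, and the function names are hypothetical.

```python
# Site A lines come from the post above. Site B is constructed here by swapping
# the networks and outside addresses (assumed: outside 1.1.1.2, LAN 192.168.2.0/24).
SITE_A = """\
access-list 121 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
ip address outside 1.1.1.1 255.255.255.0
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map myvpn 10 match address 121
crypto map myvpn 10 set peer 1.1.1.2
isakmp key cisco123 address 1.1.1.2 netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
"""

def mirror(cfg):
    """Build the peer's view: swap local/remote networks and outside addresses."""
    for a, b in (("192.168.1.0", "192.168.2.0"), ("1.1.1.1", "1.1.1.2")):
        cfg = cfg.replace(a, "\0").replace(b, a).replace("\0", b)
    return cfg

def parse(cfg):
    """Extract the settings both ends of a LAN-to-LAN tunnel must agree on."""
    p = {"acl": {}, "policy": {}}
    for w in map(str.split, cfg.splitlines()):
        if w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"]:
            p["acl"].setdefault(w[1], []).append((tuple(w[4:6]), tuple(w[6:8])))
        elif w[:3] == ["ip", "address", "outside"]:
            p["outside"] = w[3]
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            p["transform"] = frozenset(w[4:])
        elif w[:2] == ["crypto", "map"] and len(w) == 7:
            p[w[5]] = w[6]          # "address" -> crypto ACL id, "peer" -> peer IP
        elif w[:2] == ["isakmp", "key"]:
            p["key"] = w[2]
        elif w[:2] == ["isakmp", "policy"] and len(w) == 5:
            p["policy"][w[3]] = w[4]
    return p

def mismatches(cfg_a, cfg_b):
    """List the reasons the two ends would fail to bring the tunnel up."""
    a, b = parse(cfg_a), parse(cfg_b)
    out = [f"{k} differs" for k in ("key", "policy", "transform") if a[k] != b[k]]
    if a["peer"] != b["outside"] or b["peer"] != a["outside"]:
        out.append("peer is not the other end's outside address")
    if a["acl"][a["address"]] != [(d, s) for s, d in b["acl"][b["address"]]]:
        out.append("crypto access-lists are not mirror images")
    return out

SITE_B = mirror(SITE_A)
```

The check only compares the two ends with each other; it does not assess the sample's `cisco123` key or its 3DES, MD5 and group 2 settings.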
