Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

pix 515 & 501 Site to site VPN

I have a 515 at the edge of the enterprise and a remote site which I would like to use a site to site with a 501 to connect back. Any direction on where to start?

2 REPLIES
Gold

Re: pix 515 & 501 Site to site VPN

Try this documet

http://www.cisco.com/warp/public/110/38.html

M.

rate helpful posts

Gold

Re: pix 515 & 501 Site to site VPN

below are the sample codes for configuring a lan-lan vpn between 2 pixes:

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list 121 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

ip address outside 1.1.1.1 255.255.255.0

ip address inside 192.168.1.1 255.255.255.0

global (outside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map myvpn 10 ipsec-isakmp

crypto map myvpn 10 match address 121

crypto map myvpn 10 set peer 1.1.1.2

crypto map myvpn 10 set transform-set myset

crypto map myvpn interface outside

isakmp enable outside

isakmp key cisco123 address 1.1.1.2 netmask 255.255.255.255 no-xauth no-config-mode

isakmp identity address

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

one matter needs to be noticed is that both site would need a static ip, otherwise ezvpn may be deployed.

90
Views
0
Helpful
2
Replies
CreatePlease to create content