Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Router (827) to PIX (515)

I tried to make a conecction between a Router CISCO 827 and a PIX 515 but it dosen´t work.

Could someone help me, I posted both configuration

Thanks a lot

PIX Version 6.2(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 DMZ security10

enable password fho06o.qMxJMEpo6 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname pixcoslada


fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000


access-list 90 permit ip

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto

mtu outside 1500

mtu inside 1500

mtu DMZ 1500

ip address outside

ip address inside

ip address DMZ

ip verify reverse-path interface outside

ip verify reverse-path interface inside

ip verify reverse-path interface DMZ

ip audit info action alarm

ip audit attack action alarm

pdm location inside

pdm logging errors 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list 90

nat (inside) 1 0 0

route outside 1

timeout xlate 3:00:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http inside

no snmp-server location

no snmp-server contact



version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption


hostname RTADSL


mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip domain-lookup



crypto isakmp policy 1

encr 3des

authentication pre-share

crypto isakmp key ****** address



crypto ipsec transform-set mytrans ah-sha-hmac esp-3des


crypto map mymap local-address ATM0

crypto map mymap 1 ipsec-isakmp

set peer

set transform-set mytrans

match address 103





interface Ethernet0

description connected to Eth - Rozas

ip address

ip nat inside

hold-queue 100 out


interface ATM0

ip address

ip nat outside

no atm ilmi-keepalive

pvc 8/32

protocol ip

encapsulation aal5snap


dsl operating-mode auto

crypto map mymap


ip nat pool test netmask

ip nat inside source list 103 pool test overload

ip nat inside source static tcp 21 21 extendable

ip classless

ip route

no ip http server

ip pim bidir-enable



access-list 103 deny ip

access-list 103 permit ip any



line con 0

exec-timeout 0 0

password 7 06575D72021A5C4F


stopbits 1

line vty 0 4

password 7 06575D72021A5C4F



scheduler max-task-time 5000


Cisco Employee

Re: Router (827) to PIX (515)


Take a look at below URL, you need to configure isakmp and ipsec policies on the Pix and this should match the policies configured on the router.

And also use a different access-list for the match address and carefully follow the NAT configurations.

You can make the changes and post the configs.



CreatePlease login to create content