v6.2(1) and VPN

agoodwin
Level 1

Are there any problems with using this setup? I have tried two different scenarios, one with a VPN client and the other PIX to PIX, but both aren't working. I appreciate I could very easily have got the configs wrong; I am just trying to see if there are any known issues or in fact any changes that would need to be introduced from earlier releases.

cheers

Andy

4 Replies

rrbleeker
Level 1

I have several VPN solutions with PIX version 6.2(1) and have not run into any issues.

That's good news, thanks.

If anyone has a spare minute, could you tell me what I have wrong in my configs? Also, would there be anything I would need to configure on the two domains at either side? Both are NT4 based. This is PIX to PIX.

Site 1

Internal network 192.9.200.x

nameif e0 outside sec0
nameif e1 inside sec100
int e0 10baset
int e1 10baset
ip address inside 192.9.200.250 255.255.255.0
ip address outside 62.x.x.x 255.255.255.240
route outside 0 0 62.x.x.x 1
static (inside,outside) 62.x.x.x 192.9.200.1 netmask 255.255.255.255 0 0
access-list emailacl permit tcp any host 62.x.x.x eq smtp
access-group emailacl in interface outside
no fixup protocol smtp
access-list 120 permit ip 192.9.200.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list 100 permit ip 192.9.200.0 255.255.255.0 10.1.0.0 255.255.0.0
nat (inside) 0 access-list 100
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map newmap 20 ipsec-isakmp
crypto map newmap 20 match address 120
crypto map newmap 20 set peer 19.y.y.y
crypto map newmap 20 set transform-set myset
isakmp enable outside
isakmp key 1234 address 19.y.y.y netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000

Site 2

Internal network 10.1.x.x

nameif e0 outside sec0
nameif e1 inside sec100
int e0 10baset
int e1 10full
ip address inside 10.1.0.5 255.255.0.0
ip address outside 19.y.y.y 255.255.255.252
route outside 0 0 19.z.z.z 1
access-list 110 permit ip 10.1.0.0 255.255.0.0 192.9.200.0 255.255.255.0
access-list 100 permit ip 10.1.0.0 255.255.0.0 192.9.200.0 255.255.255.0
nat (inside) 0 access-list 100
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map newmap 10 ipsec-isakmp
crypto map newmap 10 match address 110
crypto map newmap 10 set peer 62.x.x.x
crypto map newmap 10 set transform-set myset
crypto map newmap interface outside
isakmp enable outside
isakmp key 1234 address 62.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000

Thanks for any help.

cheers

Andy

The crypto map was not applied to the outside interface at site one. I probably would use a different internal IP such as 19.168.xxx.xxx instead of 192.9.
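As an added check illustrating the answer above (example code, not from this thread or from Cisco): a small Python lint that parses both PIX configs and reports a crypto map that is never bound to an interface, a peer that is not the other side's outside address, or crypto ACLs that do not mirror each other. The sample configs are constructed, reduced to the relevant lines, and use RFC 5737 addresses in place of the masked 62.x/19.y ones.

```python
import re
from ipaddress import IPv4Network
# Constructed samples (RFC 5737 addresses replace the masked 62.x/19.y); site 1, as posted, has no interface binding.
SITE1 = """
ip address outside 203.0.113.2 255.255.255.240
access-list 120 permit ip 192.9.200.0 255.255.255.0 10.1.0.0 255.255.0.0
crypto map newmap 20 ipsec-isakmp
crypto map newmap 20 match address 120
crypto map newmap 20 set peer 198.51.100.2
"""
SITE2 = """
ip address outside 198.51.100.2 255.255.255.252
access-list 110 permit ip 10.1.0.0 255.255.0.0 192.9.200.0 255.255.255.0
crypto map newmap 10 ipsec-isakmp
crypto map newmap 10 match address 110
crypto map newmap 10 set peer 203.0.113.2
crypto map newmap interface outside
"""

def parse(cfg):
    """Extract the outside address, crypto ACLs, crypto map entries and interface bindings."""
    info = {"outside": None, "acls": {}, "maps": {}, "bound": set()}
    for line in cfg.splitlines():
        if m := re.match(r"ip address outside (\S+)", line):
            info["outside"] = m.group(1)
        elif m := re.match(r"access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)", line):
            name, src, smask, dst, dmask = m.groups()
            pair = (str(IPv4Network((src, smask))), str(IPv4Network((dst, dmask))))
            info["acls"].setdefault(name, set()).add(pair)
        elif m := re.match(r"crypto map (\S+) interface (\S+)", line):
            info["bound"].add(m.group(1))
        elif m := re.match(r"crypto map (\S+) \d+ (match address|set peer) (\S+)", line):
            info["maps"].setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return info

def lint(local_cfg, remote_cfg):
    """Return findings for the local PIX, checked against the remote PIX config."""
    local, remote = parse(local_cfg), parse(remote_cfg)
    # Remote crypto ACLs with src/dst swapped: the local crypto ACL must equal one of them.
    mirrored = {tuple(sorted((d, s) for s, d in acl)) for acl in remote["acls"].values()}
    findings = []
    for name, entry in local["maps"].items():
        if name not in local["bound"]:
            findings.append(f"crypto map {name} is not applied to any interface")
        if entry.get("set peer") != remote["outside"]:
            findings.append(f"crypto map {name} peer is not the remote outside address")
        mine = tuple(sorted(local["acls"].get(entry.get("match address"), set())))
        if mine not in mirrored:
            findings.append(f"crypto ACL {entry.get('match address')} is not mirrored remotely")
    return findings
```

Running lint(SITE1, SITE2) reports only the missing interface binding at site 1, while lint(SITE2, SITE1) returns no findings.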

I missed the crypto map thing - thanks, and I understand the address issue (but am not allowed to change it!)

cheers for your time.