VPN on PIX 515E

Can anyone help me set up a VPN through a PIX? Actually, I have to set up a VPN tunnel using crypto ipsec and isakmp. If anyone can point me to some good material to read or a configuration web site.

3 REPLIES

Re: VPN on PIX 515E

Here is a config example:

PIX> enable

PIX# configure terminal

If more control is needed, or there is no sysopt connection permit-ipsec, then use access-list acs-outside.

PIX(config)# sysopt connection permit-ipsec

or

PIX(config)# access-list acs-outside permit udp host VPNPeer host MyPublicIP eq isakmp

PIX(config)# access-list acs-outside permit esp host VPNPeer host MyPublicIP

PIX(config)# access-list acs-outside permit ah host VPNPeer host MyPublicIP

PIX(config)# access-group acs-outside in interface outside

STEP 1 - Configure IKE

PIX(config)# isakmp enable outside

PIX(config)# isakmp policy 10 authentication pre-share

PIX(config)# isakmp policy 10 encryption 3des

PIX(config)# isakmp policy 10 hash md5

PIX(config)# isakmp policy 10 group 2

PIX(config)# isakmp policy 10 lifetime 86400

PIX(config)# isakmp identity address

PIX(config)# isakmp key your-vpn-password address PEER-IP netmask 255.255.255.255

STEP 2 - Configure IPSEC

PIX(config)# access-list NONAT permit ip Internalnet ISubnet Externalnet Esubnet

PIX(config)# global (outside) 1 interface

PIX(config)# nat (inside) 0 access-list NONAT

PIX(config)# nat (inside) 1 0.0.0.0 0.0.0.0 0 0

PIX(config)# access-list VPN permit ip Internalnet ISubnet Externalnet ESubnet

PIX(config)# crypto ipsec transform-set TRANS esp-des esp-md5-hmac

PIX(config)# crypto map REMOTE 10 ipsec-isakmp

PIX(config)# crypto map REMOTE 10 match address VPN

PIX(config)# crypto map REMOTE 10 set peer PEER-IP

PIX(config)# crypto map REMOTE 10 set transform-set TRANS

PIX(config)# crypto map REMOTE interface outside

Some more reading:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_book09186a0080172852.html

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

Sincerely

Patrick
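
A lint pass over the kind of configuration in the reply above, as an added example that is not part of the original thread and not a Cisco tool: it checks that each crypto map entry's access-list, peer key and transform-set references resolve, and flags the DES, MD5 and DH group 1/2 keywords. The sample addresses and key are constructed, and the list of flagged algorithms is this example's own policy.

```python
import re
# Constructed sample: commands from the reply with made-up documentation
# addresses and key in place of its placeholders (PEER-IP, Internalnet, ...).
SAMPLE = """\
PIX(config)# isakmp policy 10 encryption 3des
PIX(config)# isakmp policy 10 hash md5
PIX(config)# isakmp policy 10 group 2
PIX(config)# isakmp key EXAMPLE-KEY address 203.0.113.2 netmask 255.255.255.255
PIX(config)# access-list VPN permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
PIX(config)# crypto ipsec transform-set TRANS esp-des esp-md5-hmac
PIX(config)# crypto map REMOTE 10 match address VPN
PIX(config)# crypto map REMOTE 10 set peer 203.0.113.2
PIX(config)# crypto map REMOTE 10 set transform-set TRANS
PIX(config)# crypto map REMOTE interface outside
"""

# Legacy algorithm keywords flagged by this example (its own policy, an assumption).
WEAK = {"encryption des": "56-bit DES", "hash md5": "MD5 hash", "esp-des": "56-bit DES",
        "esp-md5-hmac": "HMAC-MD5", "group 1": "768-bit DH group 1", "group 2": "1024-bit DH group 2"}

def audit(config):
    """Return sorted findings: dangling references and flagged algorithms."""
    # Strip an optional "PIX(config)# " style prompt, then tokenise each command.
    cmds = [re.sub(r"^\S*[#>]\s*", "", ln).split() for ln in config.splitlines()]
    cmds = [c for c in cmds if c]
    acls = {c[1] for c in cmds if c[0] == "access-list" and len(c) > 1}
    tsets = {c[3]: c[4:] for c in cmds if c[:3] == ["crypto", "ipsec", "transform-set"] and len(c) > 3}
    keyed = {c[4] for c in cmds if c[:2] == ["isakmp", "key"] and c[3:4] == ["address"] and len(c) > 4}
    maps = [c for c in cmds if c[:2] == ["crypto", "map"] and len(c) > 4]
    bound = {c[2] for c in maps if c[3] == "interface"}
    out = set()
    for c in (m for m in maps if len(m) > 6):   # "crypto map NAME SEQ <verb> <noun> REF"
        name, kind, ref = c[2], c[4:6], c[6]
        if name not in bound:
            out.add(f"crypto map {name} is not applied to an interface")
        if kind == ["match", "address"] and ref not in acls:
            out.add(f"crypto map {name}: access-list {ref} is not defined")
        if kind == ["set", "peer"] and ref not in keyed:
            out.add(f"crypto map {name}: no isakmp key for peer {ref}")
        if kind == ["set", "transform-set"] and ref not in tsets:
            out.add(f"crypto map {name}: transform-set {ref} is not defined")
    for ts, algos in tsets.items():
        out.update(f"transform-set {ts}: {WEAK[a]}" for a in algos if a in WEAK)
    for c in cmds:
        if c[:2] == ["isakmp", "policy"] and " ".join(c[3:5]) in WEAK:
            out.add(f"isakmp policy {c[2]}: {WEAK[' '.join(c[3:5])]}")
    return sorted(out)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
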

Re: VPN on PIX 515E

Hi

This link has the whole repository of config samples discussed, which can help you to get your PIX configured.

http://cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

Regards

Re: VPN on PIX 515E

If you have access to the PDM then this site will be very helpful for you:

http://www.cisco.com/warp/public/471/l2l-tunnel-using-pdm.html
