Cisco Support Community

How to configure an IPsec VPN tunnel between a PIX Firewall and a Cisco IOS router

Resolution

IP Security (IPsec) can be configured on a network between a PIX Firewall and a Cisco IOS® router. These tasks must be addressed when you configure IPsec between the PIX and the router:

  • Configure Internet Key Exchange (IKE) for pre-shared keys.
  • Configure IPsec.
  • Configure Network Address Translation (NAT).
  • Configure PIX system options (on the PIX only).

When you configure IKE for the pre-shared key, make sure the selected key matches exactly on both sides. The key is case sensitive.

Once you have finished that phase of the setup on both endpoint devices (the PIX and the router), you must configure IPsec. The Access Control List (ACL) that the `match address` commands point to determines which traffic goes across the IPsec tunnel. No other traffic uses the tunnel.

For a full explanation and an example of the configuration necessary to set up the IPsec tunnel, refer to Configuring IPsec - Router to PIX.

These tasks must be addressed when you configure IPsec between PIX version 7.x and the router:

  • Configure the ISAKMP policy and enable ISAKMP on the outside interface.
  • Create a transform set.
  • Configure an ACL.
  • Define a tunnel group.
  • Create a crypto map and apply it to an interface.

For additional information, refer to Configuring IPsec Router to PIX Version 7.x.
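As an added example (not part of the original Cisco document), the following script checks two points made above before a change is deployed: the pre-shared key must match exactly, including case, and the ACLs referenced by `match address` should describe the same traffic from each side, that is, be mirror images of each other. The addresses, ACL number, crypto map name and key are constructed placeholders, and the script assumes it is given the configuration text as it would be entered, with one `permit ip` network pair per ACL line.

```python
import ipaddress
import re

# Constructed sample configs: documentation addresses, placeholder key.
PIX_CFG = """\
access-list 110 extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto map VPN 10 match address 110
crypto map VPN 10 set peer 198.51.100.2
tunnel-group 198.51.100.2 type ipsec-l2l
tunnel-group 198.51.100.2 ipsec-attributes
 pre-shared-key ExamplePSK-ChangeMe
"""
IOS_CFG = """\
crypto isakmp key examplepsk-changeme address 192.0.2.1
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 match address 110
access-list 110 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
"""

ACL_RE = re.compile(
    r"^access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)$", re.M)

def psk(cfg):
    """Return the pre-shared key from PIX 7.x or IOS syntax, or None."""
    m = re.search(r"^\s*(?:pre-shared-key|crypto isakmp key) (\S+)", cfg, re.M)
    return m.group(1) if m else None

def crypto_acl(cfg):
    """Return (source, destination) networks of the ACL named by `match address`."""
    name = re.search(r"match address (\S+)", cfg).group(1)
    # ip_network accepts both netmasks (PIX) and wildcard masks (IOS).
    net = lambda addr, mask: ipaddress.ip_network(f"{addr}/{mask}")
    return {(net(s, sm), net(d, dm))
            for acl, s, sm, d, dm in ACL_RE.findall(cfg) if acl == name}

def check(pix_cfg, ios_cfg):
    """Return a list of mismatches between the two tunnel endpoints."""
    problems = []
    if psk(pix_cfg) != psk(ios_cfg):
        problems.append("pre-shared key mismatch (comparison is case sensitive)")
    if crypto_acl(pix_cfg) != {(d, s) for s, d in crypto_acl(ios_cfg)}:
        problems.append("crypto ACLs are not mirror images")
    return problems

if __name__ == "__main__":
    for problem in check(PIX_CFG, IOS_CFG):
        print("FAIL:", problem)
```

The constructed router config deliberately uses a key that differs only in case, so the script reports the key mismatch while the ACL check passes.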

Note: The debug and show commands differ slightly between the PIX and the router. Those specific commands are located at the end of the document.

Version history: Revision 1 of 1. Last update: 06-22-2009 05:05 PM