TCC_2

Resolution

IP Security (IPsec) can be configured on a network between a PIX Firewall and a Cisco IOS® router. These tasks must be addressed when you configure IPsec between the PIX and the router:

  • Configure Internet Key Exchange (IKE) for pre-shared keys.
  • Configure IPsec.
  • Configure Network Address Translation (NAT).
  • Configure PIX system options (on the PIX only).

When you configure IKE for the pre-shared key, make sure the selected key matches exactly on both sides. The key is case sensitive.

Once you have finished that phase of the setup on both endpoint devices (the PIX and the router), you must configure IPsec. The Access Control List (ACL) that the match address commands point to determines which traffic goes across the IPsec tunnel. No other traffic uses the tunnel.
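The two points above (the pre-shared key must match exactly, and the ACL behind match address selects the tunnel traffic) can be checked offline before the tunnel is brought up. The following is an added example, not part of the original document or of any Cisco tool: the sample configurations, addresses, key, crypto map name and function names are constructed, and it assumes one key line and one crypto ACL per device, with each side's ACL expected to mirror the other's.

```python
import ipaddress
import re

# Constructed sample configs (addresses and key are placeholders, not from the page).
PIX_CFG = """\
isakmp key Cisco123Key address 192.0.2.2 netmask 255.255.255.255
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto map vpnmap 10 match address 101
"""
IOS_CFG = """\
crypto isakmp key cisco123key address 192.0.2.1
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
crypto map vpnmap 10 ipsec-isakmp
 match address 101
"""

def psk(cfg):
    """Return the pre-shared key from an 'isakmp key <key> address ...' line."""
    m = re.search(r"^(?:crypto )?isakmp key (\S+) address", cfg, re.M)
    return m.group(1) if m else None

def crypto_acl(cfg):
    """Return (src, dst) networks for each entry of the ACL 'match address' points to."""
    acl_id = re.search(r"match address (\S+)", cfg).group(1)
    pat = rf"^access-list {re.escape(acl_id)} permit ip (\S+) (\S+) (\S+) (\S+)$"
    # ipaddress accepts both netmasks (PIX) and wildcard/host masks (IOS).
    return [(ipaddress.ip_network(f"{a}/{am}"), ipaddress.ip_network(f"{b}/{bm}"))
            for a, am, b, bm in re.findall(pat, cfg, re.M)]

def check_pair(pix_cfg, ios_cfg):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    k_pix, k_ios = psk(pix_cfg), psk(ios_cfg)
    if k_pix is None or k_ios is None:
        findings.append("pre-shared key missing on one side")
    elif k_pix != k_ios:  # exact comparison: the key is case sensitive
        why = "differs only in case" if k_pix.lower() == k_ios.lower() else "differs"
        findings.append(f"pre-shared key {why}")
    # Swap source and destination on the router side before comparing.
    mirrored = [(dst, src) for src, dst in crypto_acl(ios_cfg)]
    if sorted(crypto_acl(pix_cfg)) != sorted(mirrored):
        findings.append("crypto ACLs are not mirror images")
    return findings

if __name__ == "__main__":
    print(check_pair(PIX_CFG, IOS_CFG))
```

The findings name the kind of mismatch without printing the key itself, so the output is safe to paste into a ticket.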

For a full explanation and an example of the configuration necessary to set up the IPsec tunnel, refer to Configuring IPsec - Router to PIX.

These tasks must be addressed when you configure IPsec between PIX version 7.x and the router:

  • Configure the ISAKMP policy and enable ISAKMP on the outside interface.
  • Create a transform set.
  • Configure an ACL.
  • Define a tunnel group.
  • Create a crypto map and apply it to an interface.

For additional information, refer to Configuring IPsec Router to PIX Version 7.x.

Note: The debug and show commands differ slightly between the PIX and the router. Those specific commands are located at the end of the document.
