Re: tunnel ipsec from router and Isa Server

lformelli · ‎04-14-2006

Hi,

I have an a router Cisco 1700 with a IP public address an interface bri0.

I need to deploy an a tunnel IPSec from the Lan behind this router and that of the headquarters where is an a Isa Server 2003.

Does anybody advice an a document where can I see how do it ?

best regards

Lorenzo

globalnettech · ‎04-15-2006

Buon giorno,

basically, what you need to do is set up both th BRI interface on the 1700 and the ISA server as each other´s peer. The configuration on the 1700 would look like this (all IP addressing is arbitrary):

crypto isakmp policy 10

encr 3des

hash md5

authentication pre-share

crypto isakmp key cisco123 address 192.168.1.2

!

crypto ipsec transform-set myset1 esp-3des esp-md5-hmac

!

crypto map mymap 10 ipsec-isakmp

set peer 192.168.1.2

set transform-set myset1

!

match address 100

!

interface BRI0

ip address 192.168.1.1 255.255.255.252

crypto map mymap

!

interface FastEthernet0/0

ip address 172.16.1.1 255.255.255.0

no ip directed-broadcast

ip nat inside

half-duplex

!

ip http server

no ip http secure-server

ip classless

ip route 0.0.0.0 0.0.0.0 BRI0

!

access-list 100 permit ip 172.16.1.0 0.0.255.255 172.16.2.0 0.0.255.255

On the ISA side, I am not sure if the ISA 2003 has a wizard similar to the 2004, but have a look at this document:

Configuring IPSec Tunnel Mode VPN Between ISA Server 2004 and Cisco PIX v6.3.1

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/ipsecvpn.mspx

Although the endpoint in this example is a PIX, the procedure for the ISA is the same.

Let me know if this helps, and if you need more help to get this to work.

Regards,

GNT