cisco config VPN router to pix

I want to set up a VPN connection between a Cisco router 1760 and a PIX 515. Can anyone please give me a configuration suggestion that will work? I only have experience with PIX.

Reply to
reili

I recently did a similar setup with a 1710 and a PIX 515. You need ISAKMP policies and crypto maps with appropriate access lists on both sides. Depending on whether the router has a fixed or a dynamic IP address, you have to use a dynamic map on the PIX.

On the router:

crypto isakmp policy 11
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key address no-xauth
crypto isakmp keepalive 10 5
!
!
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
!
crypto map vpn 101 ipsec-isakmp
 description VPN to PIX
 set peer
 set transform-set vpn
 match address 101
!
interface FastEthernetX
 crypto map vpn
!
access-list 101 permit ip

On the PIX (for a dynamic router address):

sysopt connection permit-ipsec
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
crypto dynamic-map vpn-dyn 10 set transform-set vpn
crypto map vpnmap 101 ipsec-isakmp dynamic vpn-dyn
crypto map vpnmap interface outside
isakmp enable outside
isakmp key address 0.0.0.0 netmask 0.0.0.0 no-xauth no-config-mode
isakmp identity address
isakmp keepalive 10 5
isakmp nat-traversal 20
isakmp policy 4 authentication pre-share
isakmp policy 4 encryption 3des
isakmp policy 4 hash md5
isakmp policy 4 group 2
isakmp policy 4 lifetime 86400

And don't forget to include the network behind the router into the "no NAT" ACL on the PIX.

HTH

fw

Reply to
Frank Winkler
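
One way to check the "policies on both sides" requirement from the answer above before bringing the tunnel up. This is an added example, not part of the original posts: the sample configs are constructed from the commands in the answer, the function names are hypothetical, and only the four ISAKMP proposal parameters and the IPsec transforms are compared.

```python
import re

# Constructed samples built from the commands in the answer (keys, peers, ACLs left out).
ROUTER_CFG = """\
crypto isakmp policy 11
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
"""
PIX_CFG = """\
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
isakmp policy 4 authentication pre-share
isakmp policy 4 encryption 3des
isakmp policy 4 hash md5
isakmp policy 4 group 2
isakmp policy 4 lifetime 86400
"""
# Keywords compared between peers; "encr" is the router's spelling of "encryption".
ALIASES = {"encr": "encryption", "encryption": "encryption", "hash": "hash",
           "authentication": "authentication", "group": "group"}
PARAMS = ("encryption", "hash", "authentication", "group")

def isakmp_policies(cfg):
    """Parse router block style and PIX one-line style into {priority: {param: value}}."""
    policies, current = {}, None
    for raw in cfg.splitlines():
        words = raw.split()
        m = re.match(r"(?:crypto )?isakmp policy (\d+)(?: (\S+) (\S+))?$", raw.strip())
        if m:
            current = policies.setdefault(int(m.group(1)), {})
            words = [m.group(2), m.group(3)]          # inline parameter on the PIX, else None
        elif not raw.startswith(" "):
            current = None                            # any other top-level command ends the block
        if current is not None and len(words) == 2 and words[0] in ALIASES:
            current[ALIASES[words[0]]] = words[1]
    return policies

def transform_sets(cfg):
    """Transform-set names are local to each device, so compare only the transforms."""
    return {frozenset(m.group(1).split())
            for m in re.finditer(r"^crypto ipsec transform-set \S+ (.+)$", cfg, re.M)}

def common_proposals(a_cfg, b_cfg):
    """Return (shared IKE proposals, shared IPsec transform sets); an empty set means no match."""
    def ike(cfg):
        return {tuple(p.get(k) for k in PARAMS) for p in isakmp_policies(cfg).values()}
    return ike(a_cfg) & ike(b_cfg), transform_sets(a_cfg) & transform_sets(b_cfg)

if __name__ == "__main__":
    phase1, phase2 = common_proposals(ROUTER_CFG, PIX_CFG)
    print("shared IKE proposals:", phase1 or "NONE")
    print("shared transform sets:", phase2 or "NONE")
```

An empty first set means the two peers have no ISAKMP policy in common; an empty second set means the IPsec transform sets differ.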

Thanks, I will try this during the next days.

Reili

Reply to
Reili
