03.31.2008 at 09:03AM PDT, ID: 23282959

Cisco ASA5510 <> Cisco 1841 Router VPN

Asked by PeteLong in Cisco PIX Firewall, Network Routers, Virtual Private Networking (VPN)

I put in an ASA5510 firewall a while back; they needed a VPN tunnel to a router, but at the time they could not access the router, but I was told....

Set the ASA to

Authentication pre share
Shared secret 1234567890Companyxyz
Encryption DES
Hash MD5
DH Group 2
PFS - Yes, group 2
Router IP 83.555.555.555 (anonymised, obviously)

I set up the tunnel - nothing came up - I finally got access this week to the router (I know zippity squat about routers).

Config attached

As far as I can tell there's nothing in there that equates to this - would that be correct???

So if I am correct, what do I need to enter on the 1841 router? (I can reprogram the ASA in my sleep so I'm not worried about that - so if you have a working 3DES SHA with no PFS I can use that.)

Pete

CompanyXYZ-Gateway#show run
Building configuration...
 
Current configuration : 4782 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CompanyXYZ-Gateway
!
boot-start-marker
boot system flash c1841-advsecurityk9-mz.124-6.T6.bin
boot-end-marker
!
no logging buffered
enable secret 5 $xxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2868124135
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2868124135
 revocation-check none
 rsakeypair TP-self-signed-2868124135
!
!
crypto pki certificate chain TP-self-signed-2868124135
 certificate self-signed 01
  xxxxxxxx 308201AA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32383638 31323431 3335301E 170D3037 31313232 31383535
  30395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38363831
  32343133 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100BA20 D6F9B8B3 61304A36 6A27EAF7 60E3E6A6 EBDB92F7 BBF9ED50 6C72F366
  1AFB22BD A26B5256 E97E192B 0D494CAC E47E7239 2E22AC1D 62FFFF76 505085D9
  A38CF42E 9D9F24A0 383F5936 02713603 AA1E3F1B E0C060EF 213357E4 A2FA6082
  29D9FCCD 76C64A00 ED841439 838AAB27 163FDCE8 F69E4A9B 69417DC0 46F6CC01
  EBAD0203 010001A3 69306730 0F060355 1D130101 FF040530 030101FF 30140603
  551D1104 0D300B82 09636973 636F3138 3431301F 0603551D 23041830 168014D0
  D8DC2108 4780AC90 66A7F456 5B1384FD 0C3D2830 1D060355 1D0E0416 0414D0D8
  DC210847 80AC9066 A7F4565B 1384FD0C 3D28300D 06092A86 4886F70D 01010405
  00038181 005E5BE7 2247CE52 1753B638 939F6504 0D15DE0E 121C243A B0150A59
  6B7C9727 32B80EDD A1798374 27075C14 6E33F05B E2159181 BAF09301 145ACA4E
  5E2AC096 C07A4061 7C01E1E5 A02DDD76 646B2EA2 7F9A452F 6CBCE4F6 DE646F81
  3E71C75B 5EB5504E 1F564533 F6430D8E 1172A239 5BDD6E14 85B98AE1 A544C9F3
  xxxxxxxx 29
  quit
username CompanyXYZit privilege 15 password 7 096D401A160B3743595F50
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 encr 3des
 group 2
!
crypto isakmp client configuration group CompanyXYZdubai
 key Easy2Break
 pool SDM_POOL_1
 acl 100
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA
 reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface FastEthernet0/0
 ip address 192.168.0.250 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 83.555.555.555 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 crypto map SDM_CMAP_1
!
ip local pool SDM_POOL_1 192.168.0.221 192.168.0.230
ip route 0.0.0.0 0.0.0.0 83.555.555.556
!
!
no ip http server
ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface Serial0/0/0 overload
!
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 120 remark SDM_ACL Category=2
access-list 120 deny   ip 192.168.0.0 0.0.0.255 host 192.168.0.221
access-list 120 deny   ip 192.168.0.0 0.0.0.255 host 192.168.0.222
access-list 120 deny   ip 192.168.0.0 0.0.0.255 host 192.168.0.223
access-list 120 deny   ip 192.168.0.0 0.0.0.255 host 192.168.0.224
access-list 120 deny   ip 192.168.0.0 0.0.0.255 host 192.168.0.225
access-list 120 deny   ip 192.168.0.0 0.0.0.255 host 192.168.0.226
access-list 120 deny   ip 192.168.0.0 0.0.0.255 host 192.168.0.227
access-list 120 deny   ip 192.168.0.0 0.0.0.255 host 192.168.0.228
access-list 120 deny   ip 192.168.0.0 0.0.0.255 host 192.168.0.229
access-list 120 deny   ip 192.168.0.0 0.0.0.255 host 192.168.0.230
access-list 120 permit ip 192.168.0.0 0.0.0.255 any
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 120
!
!
!
control-plane
!
banner login ^C
________________________________________________
Login to CompanyXYZ Private System, Authenticate !
________________________________________________
^C
!
line con 0
 password 7 xxxxxxxxxxxxxxxxxx
line aux 0
line vty 0 4
 password 7 xxxxxxxxxxxxxxxxxxxx
!
scheduler allocate 20000 1000
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
 
CompanyXYZ-Gateway#
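The attached config confirms the asker's reading: the only crypto map entry on Serial0/0/0 is the SDM-generated dynamic one for remote-access clients, there is no pre-shared key for a peer address, no static crypto map entry, and no NAT exemption for a remote LAN, so nothing in it corresponds to the ASA tunnel. What a site-to-site entry on this 1841 would look like is shown below as an added example written for this page; it is not the accepted solution (which is not reproduced here) and not something PeteLong or batry_boy posted. It assumes two placeholders the question does not give: 203.0.113.1 for the ASA's outside address and 10.10.10.0/24 for the LAN behind the ASA. Everything else (router LAN 192.168.0.0/24, the SDM_CMAP_1 crypto map, ACL 120 and route-map SDM_RMAP_1, the pre-shared key) is taken from the question and the attachment. It matches the DES/MD5 parameters the ASA was set to; the stronger 3DES/SHA fallback the asker mentions is covered in the note after the block.

```cisco
! Added example for this page, not the router's existing config. Placeholders:
! 203.0.113.1 = ASA outside address, 10.10.10.0/24 = LAN behind the ASA.
!
! Phase 1: an ISAKMP policy matching the ASA (DES, MD5, pre-share, DH group 2).
! Sequence 5 keeps it separate from the SDM-generated policies 1 and 3, neither
! of which matches (both use 3DES with the default SHA hash, and policy 3 has no
! pre-share authentication at all).
crypto isakmp policy 5
 encr des
 hash md5
 authentication pre-share
 group 2
!
! Pre-shared key bound to the ASA's address. "no-xauth" is the important part:
! SDM_CMAP_1 carries "client authentication list", so without it the router also
! demands Xauth from the site-to-site peer and phase 1 never completes.
crypto isakmp key 1234567890Companyxyz address 203.0.113.1 no-xauth
!
! Phase 2: ESP with DES and MD5-HMAC, mirroring the ASA transform.
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
!
! Interesting traffic: router LAN to ASA LAN. The ASA's crypto ACL must be the
! exact mirror image or phase 2 fails with a proxy-identity mismatch.
ip access-list extended VPN-TO-ASA
 permit ip 192.168.0.0 0.0.0.255 10.10.10.0 0.0.0.255
!
! Static entry in the crypto map that is already applied to Serial0/0/0. An
! interface takes only one crypto map, so the site-to-site entry is added to
! SDM_CMAP_1 with a sequence number below the dynamic entry at 65535; nothing
! on the interface changes.
crypto map SDM_CMAP_1 10 ipsec-isakmp
 description Site-to-site to ASA5510
 set peer 203.0.113.1
 set transform-set ESP-DES-MD5
 set pfs group2
 match address VPN-TO-ASA
!
! NAT exemption. Overload NAT on Serial0/0/0 is driven by route-map SDM_RMAP_1
! and ACL 120, which ends in "permit ip 192.168.0.0 0.0.0.255 any". Traffic for
! the ASA LAN has to be denied ahead of that permit, otherwise it is translated
! to the serial address and never matches VPN-TO-ASA. Sequence 5 places the
! deny in front of the SDM entries, which were numbered 10, 20, ... on entry.
ip access-list extended 120
 5 deny ip 192.168.0.0 0.0.0.255 10.10.10.0 0.0.0.255
```

For the 3DES/SHA-without-PFS variant the asker offers, the router already has what phase 1 and phase 2 need: `crypto isakmp policy 1` is 3DES, pre-share, group 2 with the default SHA hash, and transform set ESP-3DES-SHA exists. In that case only the `crypto isakmp key ... no-xauth` line, the VPN-TO-ASA ACL, the NAT exemption and the crypto map entry are required, with `set transform-set ESP-3DES-SHA` and no `set pfs` line, and the ASA changed to match. Of the two options on the page, that is the one a defender should prefer: single DES and MD5 are the weak end of what both boxes support. After sending traffic from the 192.168.0.0/24 side, `show crypto isakmp sa` should show the peer in QM_IDLE and `show crypto ipsec sa` should show encaps/decaps counters climbing for the 192.168.0.0/24 to 10.10.10.0/24 identity; a phase 1 stuck in MM_NO_STATE usually means the policies or the key do not match, and phase 1 up with no phase 2 usually means the crypto ACLs are not mirror images.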
04.01.2008 at 08:31AM PDT, ID: 21254906
About this solution

Zones: Cisco PIX Firewall, Network Routers, Virtual Private Networking (VPN)
Solution Provided By: batry_boy
Participating Experts: 1
Solution Grade: A
 
 
04.01.2008 at 10:34AM PDT, ID: 21256217