Solved

Cisco PIX Site to Site VPN - help

Posted on 2007-04-02
220 Views
Last Modified: 2010-04-09
We currently have 2 site to site VPNs, one from Brighton to London and one from Newcastle to London.
I'm trying to set up another - Newcastle to Brighton.

Here is the original config of the VPN currently set up on Newcastle to London. (The Brighton one is almost identical, but has changes to IPs etc.)

-------------------------------------------------------------

access-list inside_outbound_nat0_acl permit ip any London-SN1 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any London-SN2 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any 172.16.174.96 255.255.255.240

access-list outside_cryptomap_20 permit ip Newcastle-SN1 255.255.255.0 London-SN1 255.255.255.0
access-list outside_cryptomap_20 permit icmp Newcastle-SN1 255.255.255.0 London-SN1 255.255.255.0
access-list outside_cryptomap_20 permit ip Newcastle-SN1 255.255.255.0 London-SN2 255.255.255.0
access-list outside_cryptomap_20 permit icmp Newcastle-SN1 255.255.255.0 London-SN2 255.255.255.0

nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group inside_access_in in interface inside

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer London-GW
crypto map outside_map 20 set transform-set ESP-3DES-MD5

isakmp enable outside
isakmp key ******** address London-GW netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

--------------------------------------------------------------

These are the additional settings I've added on Newcastle.

--------------------------------------------------------------

access-list inside_outbound_nat0_acl permit ip any Brighton-SN1 255.255.255.0

access-list outside_cryptomap_21 permit ip Newcastle-SN1 255.255.255.0 Brighton-SN1 255.255.255.0
access-list outside_cryptomap_21 permit icmp Newcastle-SN1 255.255.255.0 Brighton-SN1 255.255.255.0

crypto map outside_map 21 ipsec-isakmp
crypto map outside_map 21 match address outside_cryptomap_21
crypto map outside_map 21 set peer Brighton-GW
crypto map outside_map 21 set transform-set ESP-3DES-MD5

isakmp key ******** address Brighton-GW netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 21 authentication pre-share
isakmp policy 21 encryption 3des
isakmp policy 21 hash md5
isakmp policy 21 group 2
isakmp policy 21 lifetime 86400

-----------------------------------------------------------

I've set up a similar one for the Brighton config, replacing values etc. to match the connection.

Anyone see anything wrong with that, or if I've missed anything out?
Question by:chouckham
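As an added example, not part of the thread: a small Python checker that parses PIX fragments like the ones posted above and reports, for each crypto map sequence, whether the match ACL, the peer's isakmp key, the transform set and the nat 0 exemption are all present, and derives the mirror-image crypto ACL the other site must carry. Hostnames such as Brighton-GW and Brighton-SN1 are the post's own placeholders, and the sample config below is constructed from the question.

```python
from collections import defaultdict

# Constructed sample: the Newcastle->Brighton lines from the question (hostnames are the post's placeholders)
NEWCASTLE = """
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
nat (inside) 0 access-list inside_outbound_nat0_acl
access-list inside_outbound_nat0_acl permit ip any Brighton-SN1 255.255.255.0
access-list outside_cryptomap_21 permit ip Newcastle-SN1 255.255.255.0 Brighton-SN1 255.255.255.0
crypto map outside_map 21 match address outside_cryptomap_21
crypto map outside_map 21 set peer Brighton-GW
crypto map outside_map 21 set transform-set ESP-3DES-MD5
isakmp key ******** address Brighton-GW netmask 255.255.255.255 no-xauth no-config-mode
"""

def _addr(t):  # one ACL address ('any' or 'ADDR MASK') -> ((addr, mask), remaining tokens)
    return (("any", "0.0.0.0"), t[1:]) if t[0] == "any" else ((t[0], t[1]), t[2:])

def parse(text):  # index ACL entries, crypto map sequences, transform sets, isakmp keys and nat 0
    cfg = {"acl": defaultdict(list), "cmap": defaultdict(dict), "tset": set(), "key": set(), "nat0": None}
    for raw in text.splitlines():
        t = raw.split()
        if t[:1] == ["access-list"] and t[2:3] == ["permit"]:
            src, rest = _addr(t[4:])
            cfg["acl"][t[1]].append((t[3], src, _addr(rest)[0]))
        elif t[:2] == ["crypto", "map"] and t[4:5] in (["match"], ["set"]):
            cfg["cmap"][(t[2], t[3])][t[5]] = t[6]  # keys: address, peer, transform-set
        elif t[:3] == ["crypto", "ipsec", "transform-set"]:
            cfg["tset"].add(t[3])
        elif t[:2] == ["isakmp", "key"] and t[3:4] == ["address"]:
            cfg["key"].add(t[4])
        elif t[:1] == ["nat"] and t[2:4] == ["0", "access-list"]:
            cfg["nat0"] = t[4]
    return cfg

def check(cfg):  # what each crypto map sequence still lacks; an empty list means consistent
    out, nat0 = [], cfg["acl"].get(cfg["nat0"], [])
    for (name, seq), e in sorted(cfg["cmap"].items()):
        tag = f"{name} {seq}"
        for k, defined, what in (("address", cfg["acl"], "crypto ACL"), ("peer", cfg["key"], "isakmp key for"),
                                 ("transform-set", cfg["tset"], "transform-set")):
            if k not in e:
                out.append(f"{tag}: missing {k}")
            elif e[k] not in defined:
                out.append(f"{tag}: no {what} {e[k]}")
        for _, _, dst in cfg["acl"].get(e.get("address"), []):  # VPN traffic must bypass NAT
            if not any(d[0] in ("any", dst[0]) for _, _, d in nat0):
                out.append(f"{tag}: nat 0 does not exempt {dst[0]}")
    return list(dict.fromkeys(out))

def mirror(entries):  # what the peer's crypto ACL must hold: the same entries with src and dst swapped
    return sorted((p, d, s) for p, s, d in entries)
```

Run `check(parse(NEWCASTLE))` on each site's fragment and compare `mirror(...)` of one site's crypto ACL with what the other site actually has; the classic full-mesh mistakes (a crypto ACL that is not the mirror image, or VPN traffic not exempted from NAT) show up as findings.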
2 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 18836621
Here's a great example for PIX-PIX fully meshed, which is what you are describing:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800a2cce.shtml

LVL 3

Author Comment

by:chouckham
ID: 18836652
you STAR!