Solved

Cisco PIX Site to Site VPN - help

Posted on 2007-04-02
2
229 Views
Last Modified: 2010-04-09
We currently have 2 site to site VPNs one from Brghton to London and one from Newcastle to London.
Im trying to set up another  - Newcastle to Brighton.

Here is the original config of the VPN currently set up on Newcastle to London. (the brighton one is almost identical, but has changes to ip etc..)

-------------------------------------------------------------

access-list inside_outbound_nat0_acl permit ip any London-SN1 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any London-SN2 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any 172.16.174.96 255.255.255.240

access-list outside_cryptomap_20 permit ip Newcastle-SN1 255.255.255.0 London-SN1 255.255.255.0
access-list outside_cryptomap_20 permit icmp Newcastle-SN1 255.255.255.0 London-SN1 255.255.255.0
access-list outside_cryptomap_20 permit ip Newcastle-SN1 255.255.255.0 London-SN2 255.255.255.0
access-list outside_cryptomap_20 permit icmp Newcastle-SN1 255.255.255.0 London-SN2 255.255.255.0

nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group inside_access_in in interface inside

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer London-GW
crypto map outside_map 20 set transform-set ESP-3DES-MD5

isakmp enable outside
isakmp key ******** address London-GW netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

--------------------------------------------------------------

These are the additional settings ive added on newcastle.

--------------------------------------------------------------

access-list inside_outbound_nat0_acl permit ip any Brighton-SN1 255.255.255.0

access-list outside_cryptomap_21 permit ip Newcastle-SN1 255.255.255.0 Brighton-SN1 255.255.255.0
access-list outside_cryptomap_21 permit icmp Newcastle-SN1 255.255.255.0 Brighton-SN1 255.255.255.0

crypto map outside_map 21 ipsec-isakmp
crypto map outside_map 21 match address outside_cryptomap_21
crypto map outside_map 21 set peer Brighton-GW
crypto map outside_map 21 set transform-set ESP-3DES-MD5

isakmp key ******** address Brighton-GW netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 21 authentication pre-share
isakmp policy 21 encryption 3des
isakmp policy 21 hash md5
isakmp policy 21 group 2
isakmp policy 21 lifetime 86400

-----------------------------------------------------------

Ive set up a smiliar one for the brighton config. replacing values etc.. to match the connection.

Anyone see anything wrong with that or if ive missed anything out?
0
Comment
Question by:chouckham
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 18836621
Here's a great example for PIX-PIX fully meshed, which is what you are describing:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800a2cce.shtml

0
 
LVL 3

Author Comment

by:chouckham
ID: 18836652
you STAR!
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question