Solved

Cisco PIX Site to Site VPN - help

Posted on 2007-04-02
Last Modified: 2010-04-09
We currently have 2 site to site VPNs, one from Brighton to London and one from Newcastle to London.
I'm trying to set up another, Newcastle to Brighton.

Here is the original config of the VPN currently set up on Newcastle to London. (The Brighton one is almost identical, but has changes to IP etc.)

-------------------------------------------------------------

: NAT exemption: traffic to the London subnets must not be translated before it enters the tunnel
access-list inside_outbound_nat0_acl permit ip any London-SN1 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any London-SN2 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any 172.16.174.96 255.255.255.240

: crypto ACL: defines the "interesting traffic" that is protected by crypto map entry 20
access-list outside_cryptomap_20 permit ip Newcastle-SN1 255.255.255.0 London-SN1 255.255.255.0
access-list outside_cryptomap_20 permit icmp Newcastle-SN1 255.255.255.0 London-SN1 255.255.255.0
access-list outside_cryptomap_20 permit ip Newcastle-SN1 255.255.255.0 London-SN2 255.255.255.0
access-list outside_cryptomap_20 permit icmp Newcastle-SN1 255.255.255.0 London-SN2 255.255.255.0

nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group inside_access_in in interface inside

: phase 2 (IPsec) proposal and the static crypto map entry for the London peer
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer London-GW
crypto map outside_map 20 set transform-set ESP-3DES-MD5

: phase 1 (ISAKMP) pre-shared key for the London peer and the IKE policy
isakmp enable outside
isakmp key ******** address London-GW netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

--------------------------------------------------------------

These are the additional settings I've added on Newcastle.

--------------------------------------------------------------

: NAT exemption for the new Brighton subnet
access-list inside_outbound_nat0_acl permit ip any Brighton-SN1 255.255.255.0

: crypto ACL for the Newcastle to Brighton tunnel (mirrored on the Brighton side)
access-list outside_cryptomap_21 permit ip Newcastle-SN1 255.255.255.0 Brighton-SN1 255.255.255.0
access-list outside_cryptomap_21 permit icmp Newcastle-SN1 255.255.255.0 Brighton-SN1 255.255.255.0

: second static entry in the same crypto map, pointing at the Brighton peer
crypto map outside_map 21 ipsec-isakmp
crypto map outside_map 21 match address outside_cryptomap_21
crypto map outside_map 21 set peer Brighton-GW
crypto map outside_map 21 set transform-set ESP-3DES-MD5

: pre-shared key for the Brighton peer; policy 21 repeats policy 20's settings
isakmp key ******** address Brighton-GW netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 21 authentication pre-share
isakmp policy 21 encryption 3des
isakmp policy 21 hash md5
isakmp policy 21 group 2
isakmp policy 21 lifetime 86400

-----------------------------------------------------------

I've set up a similar one for the Brighton config, replacing values etc. to match the connection.

Anyone see anything wrong with that, or if I've missed anything out?
Question by:chouckham
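A way to check the "have I missed anything" question mechanically, as an added example that is not part of the original post: a small Python script that parses the relevant PIX lines from each site (crypto ACLs, crypto map peers, the nat 0 ACL) and verifies that every tunnel's crypto ACL is the mirror image of the peer's and that each remote subnet is exempted from NAT. The sample configs are constructed from the Newcastle lines above; the Brighton side deliberately lacks its nat 0 entry so the check has something to report.

```python
# Constructed sample configs modelled on the question's Newcastle lines; Brighton deliberately omits nat 0.
NEWCASTLE = """
access-list inside_outbound_nat0_acl permit ip any Brighton-SN1 255.255.255.0
access-list outside_cryptomap_21 permit ip Newcastle-SN1 255.255.255.0 Brighton-SN1 255.255.255.0
nat (inside) 0 access-list inside_outbound_nat0_acl
crypto map outside_map 21 match address outside_cryptomap_21
crypto map outside_map 21 set peer Brighton-GW
"""
BRIGHTON = """
access-list outside_cryptomap_21 permit ip Brighton-SN1 255.255.255.0 Newcastle-SN1 255.255.255.0
nat (inside) 0 access-list inside_outbound_nat0_acl
crypto map outside_map 21 match address outside_cryptomap_21
crypto map outside_map 21 set peer Newcastle-GW
"""
GATEWAYS = {"Newcastle": "Newcastle-GW", "Brighton": "Brighton-GW"}  # site -> name its peers use

def parse(text):
    # acls: name -> [(proto, src, dst)]; maps: seq -> {"address": acl, "peer": gw}; nat0: ACL name
    acls, maps, nat0 = {}, {}, None
    for line in text.splitlines():
        f = line.split()
        if f[:1] == ["access-list"] and len(f) >= 7 and f[2] == "permit":
            dst = f[5] if f[4] == "any" else f[6]  # 'any' carries no mask
            acls.setdefault(f[1], []).append((f[3], f[4], dst))
        elif f[:2] == ["crypto", "map"] and len(f) >= 7 and f[4:6] in (["match", "address"], ["set", "peer"]):
            maps.setdefault(f[3], {})[f[5]] = f[6]
        elif f[:3] == ["nat", "(inside)", "0"]:
            nat0 = f[4]
    return {"acls": acls, "maps": maps, "nat0": nat0}

def check_mesh(configs, gateways=GATEWAYS):
    parsed = {site: parse(cfg) for site, cfg in configs.items()}
    by_gw, problems = {gw: site for site, gw in gateways.items()}, []
    for site, p in parsed.items():
        nat0 = {d for _, _, d in p["acls"].get(p["nat0"], [])}
        for seq, e in p["maps"].items():
            peer = by_gw.get(e.get("peer"))
            if peer is None or "address" not in e:
                problems.append(f"{site} seq {seq}: crypto map lacks peer or match address")
                continue
            local = set(p["acls"].get(e["address"], []))
            # the peer's crypto ACL for the tunnel back to us, read with src/dst swapped
            remote = {(pr, d, s) for r in parsed[peer]["maps"].values() if r.get("peer") == gateways[site]
                      for pr, s, d in parsed[peer]["acls"].get(r.get("address"), [])}
            if local != remote:
                problems.append(f"{site}<->{peer}: crypto ACLs are not mirror images")
            for dst in sorted({d for _, _, d in local} - nat0):
                problems.append(f"{site}: {dst} is not exempted from NAT (nat 0)")
    return problems
```

Running `check_mesh({"Newcastle": NEWCASTLE, "Brighton": BRIGHTON})` reports only the missing Brighton nat 0 entry; an empty list means each tunnel is consistent on both ends.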
2 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 18836621
Here's a great example for PIX-PIX fully meshed, which is what you are describing:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800a2cce.shtml

Author Comment by: chouckham
ID: 18836652
you STAR!