Solved

Cisco PIX Site to Site VPN - help

Posted on 2007-04-02
Last Modified: 2010-04-09
We currently have 2 site-to-site VPNs, one from Brighton to London and one from Newcastle to London.
I'm trying to set up another - Newcastle to Brighton.

Here is the original config of the VPN currently set up on Newcastle to London (the Brighton one is almost identical, but has changes to IP etc.).

-------------------------------------------------------------

access-list inside_outbound_nat0_acl permit ip any London-SN1 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any London-SN2 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any 172.16.174.96 255.255.255.240

access-list outside_cryptomap_20 permit ip Newcastle-SN1 255.255.255.0 London-SN1 255.255.255.0
access-list outside_cryptomap_20 permit icmp Newcastle-SN1 255.255.255.0 London-SN1 255.255.255.0
access-list outside_cryptomap_20 permit ip Newcastle-SN1 255.255.255.0 London-SN2 255.255.255.0
access-list outside_cryptomap_20 permit icmp Newcastle-SN1 255.255.255.0 London-SN2 255.255.255.0

nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group inside_access_in in interface inside

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer London-GW
crypto map outside_map 20 set transform-set ESP-3DES-MD5

isakmp enable outside
isakmp key ******** address London-GW netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

--------------------------------------------------------------

These are the additional settings I've added on Newcastle.

--------------------------------------------------------------

access-list inside_outbound_nat0_acl permit ip any Brighton-SN1 255.255.255.0

access-list outside_cryptomap_21 permit ip Newcastle-SN1 255.255.255.0 Brighton-SN1 255.255.255.0
access-list outside_cryptomap_21 permit icmp Newcastle-SN1 255.255.255.0 Brighton-SN1 255.255.255.0

crypto map outside_map 21 ipsec-isakmp
crypto map outside_map 21 match address outside_cryptomap_21
crypto map outside_map 21 set peer Brighton-GW
crypto map outside_map 21 set transform-set ESP-3DES-MD5

isakmp key ******** address Brighton-GW netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 21 authentication pre-share
isakmp policy 21 encryption 3des
isakmp policy 21 hash md5
isakmp policy 21 group 2
isakmp policy 21 lifetime 86400

-----------------------------------------------------------

I've set up a similar one for the Brighton config, replacing values etc. to match the connection.

Does anyone see anything wrong with that, or have I missed anything out?
Question by:chouckham
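
The cross-references the question asks about can be checked mechanically. The following is an added example, not part of the original post or of Cisco's documentation: `check_pix_vpn` is a hypothetical helper that assumes the PIX 6.x syntax shown above and verifies that each static crypto map entry has an ACL, a peer and a defined transform set, that the peer has an `isakmp key`, and that every remote network in the crypto ACL is also in the `nat 0` ACL. It also notes ISAKMP policies with identical settings, since those policies are global rather than per peer.

```python
from collections import defaultdict

# Constructed sample: the Newcastle additions from the post, minus the Brighton-GW "isakmp key" line.
SAMPLE = """\
access-list inside_outbound_nat0_acl permit ip any Brighton-SN1 255.255.255.0
access-list outside_cryptomap_21 permit ip Newcastle-SN1 255.255.255.0 Brighton-SN1 255.255.255.0
nat (inside) 0 access-list inside_outbound_nat0_acl
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 21 ipsec-isakmp
crypto map outside_map 21 match address outside_cryptomap_21
crypto map outside_map 21 set peer Brighton-GW
crypto map outside_map 21 set transform-set ESP-3DES-MD5
isakmp policy 20 encryption 3des
isakmp policy 21 encryption 3des
"""

def check_pix_vpn(config):
    """Hypothetical helper: list gaps in each static crypto map entry."""
    acl_dst, cmap, policy = defaultdict(set), defaultdict(dict), defaultdict(set)
    tsets, keys, nat0 = set(), set(), None
    for t in (line.split() for line in config.splitlines()):
        if t[:1] == ["access-list"] and "permit" in t:
            acl_dst[t[1]].add(tuple(t[-2:]))          # (dest network, mask)
        elif t[:3] == ["crypto", "ipsec", "transform-set"]:
            tsets.add(t[3])
        elif t[:2] == ["isakmp", "key"] and "address" in t:
            keys.add(t[t.index("address") + 1])       # peer the key is bound to
        elif t[:2] == ["isakmp", "policy"]:
            policy[int(t[2])].add(" ".join(t[3:]))
        elif t[:1] == ["nat"] and t[2:4] == ["0", "access-list"]:
            nat0 = t[4]                               # NAT exemption ACL name
        elif t[:2] == ["crypto", "map"] and len(t) > 4 and t[3].isdigit():
            # 7-token lines carry address / peer / transform-set as token 5
            cmap[(t[2], int(t[3]))].update({t[5]: t[6]} if len(t) == 7 else {})
    findings = []
    for (name, seq), e in sorted(cmap.items()):
        tag = f"{name} {seq}"
        findings += [f"{tag}: no {k} set" for k in ("address", "peer", "transform-set") if k not in e]
        if "transform-set" in e and e["transform-set"] not in tsets:
            findings.append(f"{tag}: transform-set {e['transform-set']} undefined")
        if "peer" in e and e["peer"] not in keys:
            findings.append(f"{tag}: no isakmp key for peer {e['peer']}")
        for net, mask in sorted(acl_dst.get(e.get("address"), set()) - acl_dst.get(nat0, set())):
            findings.append(f"{tag}: {net} {mask} missing from nat 0 access-list")
    seen = {}
    for num in sorted(policy):                        # identical policies are redundant
        if seen.setdefault(frozenset(policy[num]), num) != num:
            findings.append(f"isakmp policy {num}: duplicates policy {seen[frozenset(policy[num])]}")
    return findings
```

Run it against the configuration of both peers; the crypto ACL on the other PIX should be the mirror image of this one.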
Accepted Solution

by:
lrmoore earned 500 total points
ID: 18836621
Here's a great example for PIX-PIX fully meshed, which is what you are describing:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800a2cce.shtml

Author Comment

by:chouckham
ID: 18836652
You STAR!