adrianjfx
asked on
PIX SITE TO SITE FROM (ISA)
Current implementation: rtr->pix->isa, where the site-to-site VPN is established through the ISA and the protocols are forwarded to the PIX. I want to remove the ISA due to it being a single point of failure, and take advantage of the failover I have implemented on the PIX 515E 6.3.3.
I started to try a config from the ISA config:
Remote Site X.Y.Z.46
ESP - Triple DES with SHA1 Integrity
IKE Encryption and Diffie-Hellman Group Triple DES with Group 2 (1024-bit prime)
Perfect Forward Secrecy (Disabled)
Compression (Disabled)
Rekey Timeout (08:00:00) "in hours"
Rekey Data Count (None)
ISAKMP Retransmission Interval (1440) "in minutes"
ISAKMP Retransmission Max Attempts (4)
Pre-Shared Key ( to be negotiated )
Network routing on our side (hosts):
10.48.239.56
10.48.239.75
10.48.239.199
My Site
Our Endpoint X.X.X.173
ESP Triple DES with SHA1 Integrity
IKE Encryption and Diffie-Hellman Group Triple DES with Group 2 (1024-bit prime)
Perfect Forward Secrecy (Disabled)
Rekey Timeout 28800 seconds = 8 hours
Rekey Data Count (None)
Pre-Shared Key (to be negotiated)
This is what I started to create; some guidance please:
isakmp enable outside
isakmp policy 9 authentication pre-share
isakmp policy 9 encrypt 3des
crypto isakmp key 12345678 address X.Y.Z.46
crypto ipsec transform-set strong esp-3des esp-sha-hmac
access-list 90 permit ip host X.Y.Z.46
networks on my side
10.168.4.0 /24
10.168.0.0 /22
hosts on remote site
10.48.239.56
10.48.239.75
10.48.239.199
ASKER CERTIFIED SOLUTION
ASKER
will try it out
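An added example, not part of the original thread or the hidden solution: one way the parameters listed in the question (3DES/SHA1, DH group 2, PFS disabled, 28800-second lifetimes, pre-shared key) map onto PIX OS 6.3 commands. The ACL name `nonat`, the crypto map name `s2s`, the interface name `inside` and the `<pre-shared-key>` placeholder are assumptions; the addresses are the ones given in the question.

```cisco
: Added example for PIX OS 6.3; "nonat" and "s2s" are hypothetical names.
: Interesting traffic: both local networks to the three remote hosts.
access-list 90 permit ip 10.168.4.0 255.255.255.0 host 10.48.239.56
access-list 90 permit ip 10.168.4.0 255.255.255.0 host 10.48.239.75
access-list 90 permit ip 10.168.4.0 255.255.255.0 host 10.48.239.199
access-list 90 permit ip 10.168.0.0 255.255.252.0 host 10.48.239.56
access-list 90 permit ip 10.168.0.0 255.255.252.0 host 10.48.239.75
access-list 90 permit ip 10.168.0.0 255.255.252.0 host 10.48.239.199
: Exempt the same flows from NAT (kept as a separate ACL from the crypto ACL).
access-list nonat permit ip 10.168.4.0 255.255.255.0 host 10.48.239.56
access-list nonat permit ip 10.168.4.0 255.255.255.0 host 10.48.239.75
access-list nonat permit ip 10.168.4.0 255.255.255.0 host 10.48.239.199
access-list nonat permit ip 10.168.0.0 255.255.252.0 host 10.48.239.56
access-list nonat permit ip 10.168.0.0 255.255.252.0 host 10.48.239.75
access-list nonat permit ip 10.168.0.0 255.255.252.0 host 10.48.239.199
nat (inside) 0 access-list nonat
: Lets decrypted tunnel traffic bypass interface ACLs. For tighter control,
: omit this and permit the three remote hosts explicitly on the outside ACL.
sysopt connection permit-ipsec
: Phase 1 (IKE). PIX 6.3 uses "isakmp ...", without the "crypto" prefix.
isakmp enable outside
isakmp identity address
isakmp key <pre-shared-key> address X.Y.Z.46 netmask 255.255.255.255
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption 3des
isakmp policy 9 hash sha
isakmp policy 9 group 2
isakmp policy 9 lifetime 28800
: Phase 2 (IPsec). PFS is disabled on both sides, so no "set pfs" line.
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto map s2s 10 ipsec-isakmp
crypto map s2s 10 match address 90
crypto map s2s 10 set peer X.Y.Z.46
crypto map s2s 10 set transform-set strong
crypto map s2s 10 set security-association lifetime seconds 28800
crypto map s2s interface outside
```

The remote peer's traffic selectors must mirror `access-list 90`, or phase 2 will not come up. `show isakmp sa` and `show crypto ipsec sa` show whether each phase has been established.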