Solved

Site to Site between Cisco PIX and Cisco ASA

Posted on 2009-07-14
Last Modified: 2012-05-07

I want to establish a site-to-site tunnel with one client, as I have a Cisco PIX at my end and a Cisco ASA at the remote end.

Please find below the script at my end and let me know what I am missing.

name 172.XX.XX.5 LHI_LAN2 (server address which the remote client wants to open)
name 172.XX.XX.6 LHI_LAN3 (server address which the remote client wants to open)
name 172.XX.XX.7 LHI_LAN4 (server address which the remote client wants to open)
name 12X.2XX.2XX.1XX VPN_Gateway (Cisco ASA IP)

access-list 99 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.5 255.255.255.255
access-list 99 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.6 255.255.255.255
access-list 99 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.7 255.255.255.255



access-list 60 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.5 255.255.255.255
access-list 60 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.6 255.255.255.255
access-list 60 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.7 255.255.255.255

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac


crypto map remote 60 ipsec-isakmp
crypto map remote 60 match address 60
crypto map remote 60 set peer 12X.2XX.2XX.1XX
crypto map remote 60 set transform-set ESP-3DES-SHA
crypto map remote 60 set security-association lifetime seconds 28800 kilobytes 4608000

isakmp key XXXXXXX address 12X.2XX.2XX.1XX netmask 255.255.255.255 no-xauth no-config-mode

isakmp policy 50 authentication pre-share
isakmp policy 50 encryption 3des
isakmp policy 50 hash sha
isakmp policy 50 group 5
isakmp policy 50 lifetime 86400
Question by:Aariz

Expert Comment

by:yashinchalad
ID: 24848252
Good enough...

We understand 99 as your nat 0 (nonat) and has
crypto map remote 60 interface <nameif outside>

(If it's a new site-to-site, you may need to apply the map to the interface.)

Please let me know if you need any help.

Author Comment

by:Aariz
ID: 24848319
I have fixed the issue here as NAT is not required because both the subnets are not identical.

Accepted Solution

by:Istvan Kalmar (earned 500 total points)
ID: 24868706
Hi,
In the newer ASA you want to change the script:

crypto map remote 60 ipsec-isakmp
crypto map remote 60 match address 60
crypto map remote 60 set peer 12X.2XX.2XX.1XX
crypto map remote 60 set transform-set ESP-3DES-SHA

tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key ******



crypto map mymap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 50
 authentication pre-share
 encryption 3des
 hash sha
 group 5
 lifetime 86400

Expert Comment

by:Istvan Kalmar
ID: 24868715
crypto map remote interface outside
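
The replies above point at lines the posted PIX configuration lacks: binding the crypto map to an interface and enabling ISAKMP there. The following Python check is an added example, not code from any poster in this thread; it assumes PIX 6.x command syntax as in the question, and the helper name `audit_l2l`, the sample addresses and the key are constructed for illustration.

```python
import re

# Constructed sample: the question's PIX config with its masked values replaced
# by placeholder addresses (192.0.2.10 stands in for the remote ASA).
SAMPLE = """\
access-list 60 permit ip 10.1.0.0 255.255.0.0 172.16.1.5 255.255.255.255
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map remote 60 ipsec-isakmp
crypto map remote 60 match address 60
crypto map remote 60 set peer 192.0.2.10
crypto map remote 60 set transform-set  ESP-3DES-SHA
isakmp key EXAMPLE-KEY address 192.0.2.10 netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 50 authentication pre-share
isakmp policy 50 encryption 3des
isakmp policy 50 hash sha
 isakmp policy 50 group 5
"""

REFS = (("match address", "access-list"), ("set transform-set", "transform-set"),
        ("set peer", "isakmp key for peer"))

def audit_l2l(config):
    """Return findings for a PIX 6.x-style site-to-site config (hypothetical helper)."""
    # Normalize stray indentation and doubled spaces before matching.
    text = "\n".join(re.sub(r"\s+", " ", l.strip()) for l in config.splitlines())
    find = lambda pat: re.findall(pat, text, re.M)
    defined = {"access-list": set(find(r"^access-list (\S+) ")),
               "transform-set": set(find(r"^crypto ipsec transform-set (\S+) ")),
               "isakmp key for peer": set(find(r"^isakmp key \S+ address (\S+)"))}
    bound = dict(find(r"^crypto map (\S+) interface (\S+)$"))  # map name -> nameif
    ike_ifs = set(find(r"^isakmp enable (\S+)$"))
    entries = {}
    for name, seq, rest in find(r"^crypto map (\S+) (\d+) (.+)$"):
        m = re.match(r"(match address|set peer|set transform-set) (\S+)", rest)
        entries.setdefault((name, seq), {}).update([m.groups()] if m else [])
    findings = []
    for (name, seq), opt in sorted(entries.items()):
        tag = f"crypto map {name} {seq}"
        for key, what in REFS:
            if key not in opt:
                findings.append(f"{tag}: no '{key}' line")
            elif opt[key] not in defined[what]:
                findings.append(f"{tag}: {what} {opt[key]} is not defined")
        if name not in bound:
            findings.append(f"{tag}: not applied, add 'crypto map {name} interface <nameif>'")
    # IKE must be enabled on every interface that carries a crypto map.
    need = (set(bound.values()) - ike_ifs) or (set() if ike_ifs else {"<nameif>"})
    for ifc in sorted(need) if entries else []:
        findings.append(f"IKE disabled, add 'isakmp enable {ifc}'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_l2l(SAMPLE)))
```

Run against the sample, it reports the unbound crypto map and the missing `isakmp enable` line; matching Phase 1 and Phase 2 parameters on the remote ASA still has to be confirmed separately.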

Author Closing Comment

by:Aariz
ID: 31603189
I dug more and resolved it on my own.