Solved

Site to Site between Cisco PIX and Cisco ASA

Posted on 2009-07-14
Last Modified: 2012-05-07

I want to establish a site-to-site tunnel with one client. I have a Cisco PIX at my end and a Cisco ASA at the remote end.

Please find below the script at my end and let me know what I am missing.

name 172.XX.XX.5 LHI_LAN2 (server address which the remote client wants to open)
name 172.XX.XX.6 LHI_LAN3 (server address which the remote client wants to open)
name 172.XX.XX.7 LHI_LAN4 (server address which the remote client wants to open)
name 12X.2XX.2XX.1XX VPN_Gateway (Cisco ASA IP)



access-list 99 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.5 255.255.255.255
access-list 99 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.6 255.255.255.255
access-list 99 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.7 255.255.255.255



access-list 60 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.5 255.255.255.255
access-list 60 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.6 255.255.255.255
access-list 60 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.7 255.255.255.255

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac


crypto map remote 60 ipsec-isakmp
crypto map remote 60 match address 60
crypto map remote 60 set peer 12X.2XX.2XX.1XX
crypto map remote 60 set transform-set ESP-3DES-SHA
crypto map remote 60 set security-association lifetime seconds 28800 kilobytes 4608000

isakmp key XXXXXXX address 12X.2XX.2XX.1XX netmask 255.255.255.255 no-xauth no-config-mode

isakmp policy 50 authentication pre-share
isakmp policy 50 encryption 3des
isakmp policy 50 hash sha
isakmp policy 50 group 5
isakmp policy 50 lifetime 86400
Question by:Aariz
5 Comments
 
LVL 5

Expert Comment

by:yashinchalad
ID: 24848252
Good enough....

We understand 99 as your nat 0 (nonat) and has
crypto map remote 60 interface <nameif outside>

(If it's a new site-to-site, you may need to apply the map to the interface.)

Please let me know if you need any help....
 

Author Comment

by:Aariz
ID: 24848319
I have fixed the issue here as NAT is not required because both the subnets are not identical.
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 1500 total points
ID: 24868706
Hi,
In the newer ASA you want to change the script:

crypto map remote 60 ipsec-isakmp
crypto map remote 60 match address 60
crypto map remote 60 set peer 12X.2XX.2XX.1XX
crypto map remote 60 set transform-set ESP-3DES-SHA

tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key ******



crypto map mymap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 50
 authentication pre-share
 encryption 3des
 hash sha
 group 5
 lifetime 86400
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 24868715
crypto map remote interface outside
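An added example, not part of the original thread or any poster's code: a small Python check that parses PIX-style statements like those in the question and reports the gaps the replies point to (a crypto map not applied to an interface, ISAKMP not enabled on that interface), plus references to an undefined ACL, transform-set, or peer key. The function names and sample addresses are constructed for illustration, and it assumes the PIX `isakmp ...` command form used in the question, including `isakmp enable <interface>`.

```python
import re

# Constructed sample in the question's PIX syntax; all addresses are made-up placeholders.
QUESTION_CONFIG = """\
access-list 60 permit ip 10.1.0.0 255.255.0.0 172.16.1.5 255.255.255.255
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map remote 60 ipsec-isakmp
crypto map remote 60 match address 60
crypto map remote 60 set peer 192.0.2.10
crypto map remote 60 set transform-set  ESP-3DES-SHA
isakmp key XXXXXXX address 192.0.2.10 netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 50 authentication pre-share
"""

def _grab(lines, pattern):
    """Collect regex group tuples from every line that matches pattern."""
    return [m.groups() for l in lines if (m := re.match(pattern, l))]

def audit_l2l(config):
    """Return a list of gaps in a PIX-style site-to-site config (empty list = none found)."""
    lines = [" ".join(l.split()) for l in config.splitlines() if l.strip()]
    acls = {g[0] for g in _grab(lines, r"access-list (\S+) ")}
    tsets = {g[0] for g in _grab(lines, r"crypto ipsec transform-set (\S+) ")}
    keyed = {g[0] for g in _grab(lines, r"isakmp key \S+ address (\S+)")}
    bound = dict(_grab(lines, r"crypto map (\S+) interface (\S+)$"))
    ike_on = {g[0] for g in _grab(lines, r"isakmp enable (\S+)$")}
    findings, maps = [], set()
    refs = _grab(lines, r"crypto map (\S+) (\d+) (match address|set peer|set transform-set) (\S+)")
    for name, seq, kind, value in refs:
        maps.add(name)
        known = {"match address": acls, "set peer": keyed, "set transform-set": tsets}[kind]
        if value not in known:
            what = "no isakmp key for peer" if kind == "set peer" else f"undefined ({kind})"
            findings.append(f"crypto map {name} {seq}: {what} {value}")
    for name in sorted(maps):
        if name not in bound:
            findings.append(f"crypto map {name} is not applied to any interface")
        elif bound[name] not in ike_on:
            findings.append(f"isakmp is not enabled on interface {bound[name]}")
    return findings

if __name__ == "__main__":
    for finding in audit_l2l(QUESTION_CONFIG):
        print(finding)
```

Because the binding is matched by map name, a misspelled name in the `crypto map ... interface` line is still reported as an unbound map.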
 

Author Closing Comment

by:Aariz
ID: 31603189
I dug more and resolved it on my own.
