Solved

Site to Site between Cisco PIX and Cisco ASA

Posted on 2009-07-14
Last Modified: 2012-05-07

I want to establish a site-to-site tunnel with one client. I have a Cisco PIX at my end and a Cisco ASA at the remote end.

Please find below the script at my end and let me know what I am missing.

name 172.XX.XX.5 LHI_LAN2 (server address which the remote client wants to open)
name 172.XX.XX.6 LHI_LAN3 (server address which the remote client wants to open)
name 172.XX.XX.7 LHI_LAN4 (server address which the remote client wants to open)
name 12X.2XX.2XX.1XX VPN_Gateway (Cisco ASA IP)



access-list 99 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.5 255.255.255.255
access-list 99 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.6 255.255.255.255
access-list 99 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.7 255.255.255.255



access-list 60 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.5 255.255.255.255
access-list 60 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.6 255.255.255.255
access-list 60 permit ip 10.X.0.0 255.255.0.0 172.XX.XX.7 255.255.255.255

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac


crypto map remote 60 ipsec-isakmp
crypto map remote 60 match address 60
crypto map remote 60 set peer 12X.2XX.2XX.1XX
crypto map remote 60 set transform-set ESP-3DES-SHA
crypto map remote 60 set security-association lifetime seconds 28800 kilobytes 4608000

isakmp key XXXXXXX address 12X.2XX.2XX.1XX netmask 255.255.255.255 no-xauth no-config-mode

isakmp policy 50 authentication pre-share
isakmp policy 50 encryption 3des
isakmp policy 50 hash sha
isakmp policy 50 group 5
isakmp policy 50 lifetime 86400
0
Question by:Aariz
5 Comments
 
LVL 5

Expert Comment

by:yashinchalad
ID: 24848252
Good enough....

We understand 99 as your nat 0 (nonat) and has
crypto map remote 60 interface <nameif outside>

(If it's a new site-to-site, you may need to apply the map to the interface.)

Please let me know if you need any help....
0
 

Author Comment

by:Aariz
ID: 24848319
I have fixed the issue here as NAT is not required because both the subnets are not identical.
0
 
LVL 34

Accepted Solution

by: Istvan Kalmar earned 500 total points
ID: 24868706
Hi,
In the newer ASA you want to change the script:

crypto map remote 60 ipsec-isakmp
crypto map remote 60 match address 60
crypto map remote 60 set peer 12X.2XX.2XX.1XX
crypto map remote 60 set transform-set ESP-3DES-SHA

tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key ******



crypto map mymap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 50
 authentication pre-share
 encryption 3des
 hash sha
 group 5
 lifetime 86400
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 24868715
crypto map remote interface outside
0
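The gap this thread converges on (a crypto map that is defined but never applied to an interface) can be checked mechanically. The following is an added example, not part of the original thread or of any Cisco tooling: a small Python check over PIX-style configuration text as posted in the question. The helper name `audit_l2l`, the sample addresses and the key are constructed, and it assumes pre-shared-key authentication as used here.

```python
import re

# Constructed sample in the PIX syntax used in the question; addresses and key are placeholders.
SAMPLE = """\
access-list 60 permit ip 10.1.0.0 255.255.0.0 172.16.1.5 255.255.255.255
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map remote 60 ipsec-isakmp
crypto map remote 60 match address 60
crypto map remote 60 set peer 203.0.113.10
crypto map remote 60 set transform-set  ESP-3DES-SHA
isakmp key EXAMPLE-KEY address 203.0.113.10 netmask 255.255.255.255
isakmp policy 50 authentication pre-share
"""

def _names(lines, pattern):
    """Collect group(1) of every line matching pattern."""
    return {m.group(1) for l in lines if (m := re.match(pattern, l))}

def audit_l2l(config):
    """Hypothetical helper: list missing pieces of a site-to-site crypto map."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    acls = _names(lines, r"access-list (\S+) ")
    tsets = _names(lines, r"crypto ipsec transform-set (\S+) ")
    keyed = _names(lines, r"isakmp key \S+ address (\S+)")
    bound = _names(lines, r"crypto map (\S+) interface \S+")
    findings, maps = [], set()
    entry = r"crypto map (\S+) \d+ (match address|set peer|set transform-set) +(\S+)"
    for l in lines:
        m = re.match(entry, l)
        if not m:
            continue
        name, kind, value = m.groups()
        maps.add(name)
        if kind == "match address" and value not in acls:
            findings.append(f"{name}: access-list {value} is not defined")
        elif kind == "set transform-set" and value not in tsets:
            findings.append(f"{name}: transform-set {value} is not defined")
        elif kind == "set peer" and value not in keyed:
            findings.append(f"{name}: no isakmp key for peer {value}")
    # A map that is never bound to an interface never encrypts any traffic.
    for name in sorted(maps - bound):
        findings.append(f"{name}: crypto map is not applied to an interface")
    if maps and not any(re.match(r"(crypto )?isakmp enable \S+", l) for l in lines):
        findings.append("isakmp is not enabled on any interface")
    return findings

if __name__ == "__main__":
    for finding in audit_l2l(SAMPLE):
        print(finding)
```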
 

Author Closing Comment

by:Aariz
ID: 31603189
I dug more and resolved it on my own.
0


Question has a verified solution.
