
How to configure Ipsec Tunnel

pawanopensource
Medium Priority
576 Views
Last Modified: 2012-05-11

How to Create an IPsec Tunnel between FW1 (PIX) and FW2 (PIX)

1 - R1 is connected to PIX (FW1)

2 - R1 routes are pointed towards FW1
      ip route 0.0.0.0 0.0.0.0 1.1.1.2

3 - On R1, routes of 1.1.1.0 and 4.4.4.0 should be allowed through the IPsec tunnel.

4 - Routes of 3.3.3.0 should not be allowed through the IPsec tunnel.

##################################################################

Experts, please point me in the right direction on how to achieve this.
(attached diagram: How-to-Create-Ipsec-Tunnel.jpg)

Author

Commented:
I have configured R1, FW1 and FW2. The problem which I am facing:

From R1 I can't ping 2.2.2.1 (FW1 e1)

From FW2 I can't ping 1.1.1.2 (FW1 e0)

Below is the config which I have done on R1, FW1 and FW2

###################################################################



R1#interface Ethernet0/0
 ip address 1.1.1.1 255.255.255.0
 half-duplex
!
R1#interface Ethernet0/1
 ip address 3.3.3.3 255.255.255.0
 half-duplex
!
R1#interface Ethernet0/2
 ip address 4.4.4.4 255.255.255.0
 half-duplex
!
R1#ip route 0.0.0.0 0.0.0.0 1.1.1.2



##############################################################


FW1#interface Ethernet0
 nameif outside
 security-level 0
 ip address 1.1.1.2 255.255.255.0
!
FW1#interface Ethernet1
 nameif inside
 security-level 100
 ip address 2.2.2.1 255.255.255.0


FW1#route outside 0.0.0.0 0.0.0.0 1.1.1.1 1


#######################################################################


FW2#interface Ethernet0
 nameif outside
 security-level 0
 ip address 2.2.2.2 255.255.255.0

FW2#route outside 0.0.0.0 0.0.0.0 2.2.2.1 1

##########################################################################

thanks

Commented:
I think you got it all mixed together and you didn't read the link I sent you, obviously. You have configured interface e0 of FW2 as the outside interface, but you are connecting it to interface e1 of FW1, which you have incorrectly configured as the inside interface. The correct thing you need to do is:

FW1 E0 is the inside interface and the security level should be 0
FW1 E1 is the outside interface and the security level should be 100
FW2 E0 is the outside interface and the security level should be 100

Also spare just 5 minutes to read the link I sent you, for your own education. It is easy to copy and paste what we type here and it works, but you haven't learnt anything.

Author

Commented:
OK, done the changes according to you. R1 is able to ping the inside interface, i.e. E0 of FW1, but R1 is not able to ping the outside interface (E1) of FW1.

Author

Commented:
My dear friend, from doing a Google search I came to know that by default the PIX's outside interface never replies to ping; I think we have to allow ICMP for the outside interface through an ACL on FW1.

Commented:
Yes, ICMP is not allowed by default; only TCP is allowed by default. As you said, you need to permit the ICMP protocol.
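A small model of the two decisions this thread turns on, added here as an illustration; it is not configuration from the question or from the answering expert, and it is Python, not PIX commands. It models the crypto-map access list that selects which traffic enters the tunnel (1.1.1.0/24 and 4.4.4.0/24 in, 3.3.3.0/24 out, as the question asks; first match wins and an unmatched flow falls to the implicit deny, i.e. it is routed in the clear) and the per-interface ICMP policy that decides whether the PIX answers a ping to its own interface address, which the last two comments attribute to the missing icmp permit. The remote network behind the tunnel is not given on the page, so the destination side of the crypto ACL is an "any" placeholder; the Ace, IcmpPolicy and walkthrough names are this example's own.

```python
"""Model of two PIX decisions discussed in the thread (constructed example):
1. crypto-map "interesting traffic" ACL: which flows get IPsec-protected;
2. per-interface ICMP policy: whether a ping aimed at the firewall's own
   interface address is answered (dropped until an 'icmp permit' exists).
Addresses follow the thread; the rules themselves are constructed here."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class Ace:
    """One access-list entry. The PIX evaluates entries top-down, first match wins."""
    action: str          # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network


def match_acl(acl, src, dst):
    """Return the action of the first entry matching src/dst. No match means the
    implicit deny that ends every PIX access-list."""
    s, d = ip_address(src), ip_address(dst)
    for ace in acl:
        if s in ace.src and d in ace.dst:
            return ace.action
    return "deny"


def is_encrypted(crypto_acl, src, dst):
    """In a crypto map a 'permit' match sends the flow through the tunnel; a deny,
    explicit or implicit, means the flow is forwarded unprotected."""
    return match_acl(crypto_acl, src, dst) == "permit"


# Constructed crypto ACL for the question's requirement: 1.1.1.0/24 and 4.4.4.0/24
# through the tunnel, 3.3.3.0/24 not. The remote network is not given on the page,
# so the destination is an "any" (0.0.0.0/0) placeholder.
ANY = ip_network("0.0.0.0/0")
CRYPTO_ACL = [
    Ace("deny", ip_network("3.3.3.0/24"), ANY),   # explicit deny documents the intent
    Ace("permit", ip_network("1.1.1.0/24"), ANY),
    Ace("permit", ip_network("4.4.4.0/24"), ANY),
]


class IcmpPolicy:
    """Per-interface rules for ICMP addressed TO the PIX itself. With no rule for an
    interface, the firewall drops the echo request instead of replying."""

    def __init__(self):
        self.permits = {}   # interface name -> list of IPv4Network allowed to ping it

    def icmp_permit(self, interface, net):
        """Model of 'icmp permit <net> <mask> echo <interface>' (assumed syntax)."""
        self.permits.setdefault(interface, []).append(ip_network(net))

    def allows_ping(self, interface, src):
        return any(ip_address(src) in n for n in self.permits.get(interface, []))


def walkthrough():
    """Reproduce the thread: R1 (1.1.1.1) cannot ping FW1's outside interface until
    an icmp permit for its subnet is added on that interface."""
    policy = IcmpPolicy()
    before = policy.allows_ping("outside", "1.1.1.1")
    policy.icmp_permit("outside", "1.1.1.0/24")
    after = policy.allows_ping("outside", "1.1.1.1")
    return before, after


if __name__ == "__main__":
    for src in ("1.1.1.1", "4.4.4.4", "3.3.3.3"):
        print(src, "-> tunnel" if is_encrypted(CRYPTO_ACL, src, "2.2.2.2") else "-> clear")
    print("ping outside before/after icmp permit:", walkthrough())
```

The explicit deny for 3.3.3.0/24 is not strictly needed, since the implicit deny already excludes it, but putting it first makes the exclusion visible when someone later appends a broader permit below it.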