Juniper command in Cisco config.

I have a guide to set up a tunnel for a Juniper. The commands I am unsure about how to configure on the Cisco PIX 501 are:

set interface tunnel.142 ip unnumbered interface ethernet2/1
set interface "tunnel.142" mip 172.17.16.117 host 10.1.0.84 netmask 255.255.255.255 vr "trust-vr"

Also  

set route 192.168.117.0/24 interface tunnel.142 preference 20 permanent

What would the same commands be if configured on a Cisco PIX 501?
Don Coleman (Owner) asked:
 
Charlie2012 commented:
PIX Firewall Configuration:

VPN Phase 1 Configuration:

isakmp enable outside
isakmp key netscreen address x.x.x.x netmask 255.255.255.255 no-xauth
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

VPN Phase 2 Configuration:

access-list 101 permit ip x.x.x.x 255.255.255.0 x.x.x.x 255.255.255.0
crypto ipsec transform-set nsset esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600
crypto map nsmap 10 ipsec-isakmp
crypto map nsmap 10 match address 101
crypto map nsmap 10 set peer x.x.x.x
crypto map nsmap 10 set transform-set nsset
crypto map nsmap interface outside


http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/ike.html#wpxref99203
0
 
Charlie2012 commented:
For Route Based VPN Juniper Firewall Configuration:


1. VPN Phase 1:

set ike gateway "To-Cisco" address x.x.x.x Main outgoing-interface "ethernet1" preshare "netscreen" proposal "pre-g2-des-sha"

2. VPN Phase 2:

set vpn "To-Cisco-VPN" gateway "To-Cisco" no-replay tunnel idletime 0 proposal "nopfs-esp-des-sha"

3. Create a tunnel interface and bind it to the VPN "To-Cisco-VPN":

set interface "tunnel.1" zone "Trust"
set interface tunnel.1 ip unnumbered interface ethernet1
set vpn "To-Cisco-VPN" bind interface tunnel.1

4. Proxy ID setup. The proxy ID has to match the access-list of the PIX. That is a limitation of a route-based VPN on a Juniper firewall if there are multiple access-lists configured on the PIX. In a multiple access-list scenario, a policy-based VPN should be considered.

set vpn "To-Cisco-VPN" proxy-id local-ip x.x.x.x/x remote-ip x.x.x.x/x "ANY"

5. Set up a static route to route traffic destined to the remote inside network via the tunnel interface created in step 3.

set route x.x.x.x/x interface tunnel.1

PIX Firewall Configuration:

VPN Phase 1 Configuration:

isakmp enable outside
isakmp key netscreen address x.x.x.x netmask 255.255.255.255 no-xauth
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

VPN Phase 2 Configuration:

access-list 101 permit ip x.x.x.x 255.255.255.0 x.x.x.x 255.255.255.0
crypto ipsec transform-set nsset esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600
crypto map nsmap 10 ipsec-isakmp
crypto map nsmap 10 match address 101
crypto map nsmap 10 set peer x.x.x.x
crypto map nsmap 10 set transform-set nsset
crypto map nsmap interface outside



Useful Commands to verify the VPN connection on the PIX firewall:

pixfirewall# show crypto ipsec sa


interface: outside
    Crypto map tag: nsmap, local addr. 2.2.2.1

   local  ident (addr/mask/prot/port): (x.x.x.x/subnetmask/0/0)
   remote ident (addr/mask/prot/port): (x.x.x.x/subnetmask/0/0)
   current_peer: x.x.x.x:500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 37, #pkts encrypt: 37, #pkts digest 37
    #pkts decaps: 37, #pkts decrypt: 37, #pkts verify 37
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
    #send errors 12, #recv errors 0

     local crypto endpt.: x.x.x.x, remote crypto endpt.: x.x.x.x
     path mtu 1500, ipsec overhead 56, media mtu 1500
     current outbound spi: 0


Hope this helps
0
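
The proxy-ID rule from the answer above, as an added example that is not part of the original post: a Python check that the ScreenOS proxy-id mirrors the single entry of the PIX crypto ACL, and that flags the multiple-entry case. The sample addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configs in the style of the thread; all addresses are made up.
PIX_CFG = """\
access-list 101 permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
crypto map nsmap 10 match address 101
"""
SCREENOS_CFG = 'set vpn "To-Cisco-VPN" proxy-id local-ip 10.1.1.0/24 remote-ip 10.2.2.0/24 "ANY"\n'

# Assumption: only the plain "permit ip <net> <netmask> <net> <netmask>" ACL form is parsed.
ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)\s*$", re.M)
MATCH_RE = re.compile(r"^crypto map \S+ \d+ match address (\S+)\s*$", re.M)
PROXY_RE = re.compile(r'^set vpn "[^"]+" proxy-id local-ip (\S+) remote-ip (\S+)', re.M)


def pix_crypto_acl(cfg):
    """Return (local, remote) networks for each entry of the ACL the crypto map matches."""
    m = MATCH_RE.search(cfg)
    if not m:
        raise ValueError("no 'crypto map ... match address' line found")
    return [(ipaddress.ip_network(f"{src}/{smask}"), ipaddress.ip_network(f"{dst}/{dmask}"))
            for name, src, smask, dst, dmask in ACL_RE.findall(cfg) if name == m.group(1)]


def check_proxy_id(pix_cfg, screenos_cfg):
    """Compare the ScreenOS proxy-id with the PIX crypto ACL; return a one-line verdict."""
    entries = pix_crypto_acl(pix_cfg)
    m = PROXY_RE.search(screenos_cfg)
    if not m:
        return "no proxy-id configured on the ScreenOS side"
    if len(entries) != 1:
        return f"{len(entries)} crypto ACL entries: a single proxy-id cannot cover them"
    local, remote = (ipaddress.ip_network(g) for g in m.groups())
    pix_local, pix_remote = entries[0]
    # The PIX's local network is the Juniper's remote network, and vice versa.
    if (pix_local, pix_remote) == (remote, local):
        return "match"
    return f"mismatch: PIX {pix_local}->{pix_remote}, ScreenOS expects {remote}->{local}"


if __name__ == "__main__":
    print(check_proxy_id(PIX_CFG, SCREENOS_CFG))
```

A mismatch reported here corresponds to a Phase 2 negotiation that will not complete, so it is worth running against both configs before bringing the tunnel up.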
 
Don Coleman (Owner, Author) commented:
Thanks for the quick reply. I am not configuring the Juniper, but they sent me a guide for setting a tunnel up on a Juniper and I want to configure it on a Cisco PIX 501.

Here is the entire config they gave me to configure on a Juniper. I would like to know how to do it on the PIX 501. Thanks.
0
 
Don Coleman (Owner, Author) commented:
Thanks for the response. I was able to figure it out; your config looks to be what I was looking for, with the exception of 3des instead of des.
0
Question has a verified solution.
