Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to set up Site to Site VPN on Cisco PIX Ver. 6.3 (4)

Posted on 2013-01-21
4
Medium Priority
?
903 Views
Last Modified: 2013-01-21
How do I set up a Site to Site VPN

Peer IP Address:  9.9.9.9  
IKE Version 2
Local Network:   4.3.2.1/29
Remote Network:  17vp2.20.1.0/29
Preshared Key:  CCA-VPN-123
Encryption Alg IPSEC ESP-3DES-SHA
NO PFS
Traffic should be Exempt
SA Time = 8:0:0
SA Traffic 4608000
Bidirectional.  


Looking for the commands to enter step by step to accomplish this.
Thanks
0
Comment
Question by:marchopkins
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 11

Expert Comment

by:Giladn
ID: 38801958
you can find it very clean in this link:

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/sit2site.html

looks simple, post back if you are having problems..

G
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 38802946
PIX version 6 does not support IKE version 2 :(

Pete
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 2000 total points
ID: 38802990
But IKE v1.................

access-list 101 permit ip 4.3.2.1 255.255.255.248 172.20.1.0 255.255.255.248
access-list 102 permit ip 4.3.2.1 255.255.255.248 172.20.1.0 255.255.255.248
nat (inside) 0 access-list 101
sysopt connection permit-ipsec
crypto ipsec transform-set USEME esp-3des esp-sha-hmac
crypto map sitevpn 10 ipsec-isakmp
crypto map sitevpn 10 10 match address 102
crypto map sitevpn 10 10 set pfs group2
crypto map sitevpn 10 10 set peer 9.9.9.9
crypto map sitevpn 10 10 set transform-set USEME
crypto map sitevpn 10 interface outside
isakmp enable outside
isakmp key CCA-VPN-123 address 9.9.9.9 netmask 255.255.255.225
isakmp identity address
isakmp keepalive 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

Cisco PIX 500 - IPSEC Site to Site VPNs (v6)


Pete
0
 

Author Closing Comment

by:marchopkins
ID: 38803066
Just what i asked for ...you da man!!!
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question