PIX - VPN - Site 2 Site
Sunday, 18 May 2008 13:43
PIX 7.2
! Phase 1 (IKE): enable ISAKMP on the outside interface and define the policy
(config)# isakmp enable outside
(config)# isakmp policy 10
(config-isakmp-policy)# encryption aes-256
(config-isakmp-policy)# hash sha
(config-isakmp-policy)# authentication pre-share
(config-isakmp-policy)# group 1
(config-isakmp-policy)# lifetime 86400
! Pre-shared key for the remote peer 1.1.1.1
(config)# isakmp key shabba address 1.1.1.1 netmask 255.255.255.255 no-xauth
! Crypto ACL (traffic to encrypt) and a matching ACL that exempts it from NAT
(config)# access-list ED permit ip 172.16.1.0 255.255.255.0 172.16.5.0 255.255.255.0
(config)# access-list nonat permit ip 172.16.1.0 255.255.255.0 172.16.5.0 255.255.255.0
(config)# nat (inside) 0 access-list nonat
! Phase 2 (IPsec): transform set and crypto map, applied to the outside interface
(config)# crypto ipsec transform-set TRAN esp-aes-256 esp-sha-hmac
(config)# crypto map MYFW_MAP 10 ipsec-isakmp
(config)# crypto map MYFW_MAP 10 match address ED
(config)# crypto map MYFW_MAP 10 set peer 1.1.1.1
(config)# crypto map MYFW_MAP 10 set transform-set TRAN
(config)# crypto map MYFW_MAP 10 set security-association lifetime seconds 3600
(config)# crypto map MYFW_MAP interface outside
(config)# crypto isakmp identity address
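A consistency check for the configuration above, as an added Python example that is not part of the original notes: it confirms that each crypto map entry references a defined ACL, transform-set and keyed peer, that the map is applied to an interface, and that the protected traffic is also NAT-exempt, and it reports the policy's Diffie-Hellman group 1. The names grab and audit are hypothetical, and the NAT check assumes the crypto and nonat ACL rules are written identically, as they are here.

```python
import re

# Constructed input: the relevant lines of this page's configuration, prompts removed.
SAMPLE = """\
isakmp policy 10
 group 1
isakmp key shabba address 1.1.1.1 netmask 255.255.255.255 no-xauth
access-list ED permit ip 172.16.1.0 255.255.255.0 172.16.5.0 255.255.255.0
access-list nonat permit ip 172.16.1.0 255.255.255.0 172.16.5.0 255.255.255.0
nat (inside) 0 access-list nonat
crypto ipsec transform-set TRAN esp-aes-256 esp-sha-hmac
crypto map MYFW_MAP 10 match address ED
crypto map MYFW_MAP 10 set peer 1.1.1.1
crypto map MYFW_MAP 10 set transform-set TRAN
crypto map MYFW_MAP interface outside
"""

def grab(pattern, cfg):
    """Captured groups from every config line that fully matches pattern."""
    hits = (re.fullmatch(pattern, ln.strip(), re.I) for ln in cfg.splitlines())
    return [m.groups() for m in hits if m]

def audit(cfg):
    """Hypothetical helper: list inconsistencies in a site-to-site config."""
    acls, entries, out = {}, {}, []
    for name, rule in grab(r"access-list (\S+) (permit ip .+)", cfg):
        acls.setdefault(name, set()).add(rule)
    exempt = set()  # rules covered by 'nat (<if>) 0 access-list <name>'
    for (name,) in grab(r"nat \(\S+\) 0 access-list (\S+)", cfg):
        exempt |= acls.get(name, set())
    tsets = {t for (t,) in grab(r"crypto ipsec transform-set (\S+) .+", cfg)}
    keyed = {p for (p,) in grab(r"isakmp key \S+ address (\S+).*", cfg)}
    bound = {n for (n,) in grab(r"crypto map (\S+) interface \S+", cfg)}
    part = r"crypto map (\S+) (\d+) (match address|set peer|set transform-set) (\S+)"
    for n, seq, kind, val in grab(part, cfg):
        entries.setdefault((n, seq), {})[kind.lower()] = val
    for (n, seq), e in sorted(entries.items()):
        acl, peer, ts = e.get("match address"), e.get("set peer"), e.get("set transform-set")
        checks = [(None in (acl, peer, ts), "entry is missing address, peer or transform-set"),
                  (acl and acl not in acls, f"ACL {acl} is not defined"),
                  (ts and ts not in tsets, f"transform-set {ts} is not defined"),
                  (peer and peer not in keyed, f"no isakmp key for peer {peer}"),
                  (n not in bound, "crypto map is not applied to an interface")]
        out += [f"{n} {seq}: {msg}" for bad, msg in checks if bad]
        out += [f"{n} {seq}: no NAT exemption for '{r}'"
                for r in sorted(acls.get(acl, set()) - exempt)]
    if grab(r"(?:isakmp policy \d+ )?group 1", cfg):
        out.append("isakmp policy uses DH group 1 (768-bit MODP)")
    return out
```

Run against the configuration as written, audit(SAMPLE) returns only the DH group 1 finding; the cross-reference checks pass.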
Debug/Show/Clear Commands
show isakmp                        display all ISAKMP configurations
show isakmp policy                 display only configured ISAKMP policies
show crypto ipsec transform-set    display all configured IPSec transform-sets
show crypto map                    display all configured crypto map entries
show crypto isakmp sa              display the status of current IKE SAs
show crypto ipsec sa               display the status of current IPSec SAs
show crypto ipsec sa [peer <addr>]
show crypto ipsec sa [peer <addr>] | i (remote ident)
show crypto engine connection active
clear crypto isakmp sa             clear all active ISAKMP SAs
clear crypto ipsec sa              clear all active IPSec SAs
debug crypto isakmp                display IKE communication between the PIX and its IPSec peers
debug crypto ipsec                 display IPSec communication between the PIX and its IPSec peers