{"id":10,"date":"2008-05-18T13:43:06","date_gmt":"2008-05-18T13:43:06","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2008\/05\/18\/vpn-site-2-site\/"},"modified":"2021-07-24T19:39:36","modified_gmt":"2021-07-24T19:39:36","slug":"vpn-site-2-site","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/vpn-site-2-site.html","title":{"rendered":"PIX – VPN – Site 2 Site"},"content":{"rendered":"
The following is the configuration syntax for a site-to-site VPN on a Cisco PIX firewall.<\/p>\n
(config)#isakmp enable outside
(config)#isakmp policy 10
(config-isakmp-policy)# encryption aes-256
(config-isakmp-policy)# hash sha
(config-isakmp-policy)# authentication pre-share
(config-isakmp-policy)# group 1
(config-isakmp-policy)# lifetime 86400
(config)#isakmp key shabba address 1.1.1.1 netmask 255.255.255.255 no-xauth
(config)#access-list ED permit ip 172.16.1.0 255.255.255.0 172.16.5.0 255.255.255.0
(config)#access-list nonat permit ip 172.16.1.0 255.255.255.0 172.16.5.0 255.255.255.0
(config)#nat (inside) 0 access-list nonat
(config)#crypto ipsec transform-set TRAN esp-aes-256 esp-sha-hmac
(config)#crypto map MYFW_MAP 10 ipsec-isakmp
(config)#crypto map MYFW_MAP 10 match address ED
(config)#crypto map MYFW_MAP 10 set peer 1.1.1.1
(config)#crypto map MYFW_MAP 10 set transform-set TRAN
(config)#crypto map MYFW_MAP 10 set security-association lifetime seconds 3600
(config)#crypto map MYFW_MAP interface outside
(config)#crypto isakmp identity address<\/pre>\nDebug\/Show\/Clear Commands<\/strong><\/h3>\n
\n
- show isakmp: display all ISAKMP configurations<\/li>\n
- show isakmp policy: display only configured ISAKMP policies<\/li>\n
- show crypto ipsec transform-set: display all configured IPSec transform-sets<\/li>\n
- show crypto map: display all configured crypto map entries<\/li>\n
- show crypto isakmp sa: display the status of current IKE SAs<\/li>\n
- show crypto ipsec sa: display the status of current IPSec SAs<\/li>\n
- show crypto ipsec sa [peer <addr>]<\/li>\n
- show crypto ipsec sa [peer <addr>] | i (remote ident)<\/li>\n
- show crypto engine connection active<\/li>\n
- clear crypto isakmp sa: clear all active ISAKMP SAs<\/li>\n
- clear crypto ipsec sa: clear all active IPSec SAs<\/li>\n
- debug crypto isakmp: display IKE communication between the PIX and its IPSec peers<\/li>\n
- debug crypto ipsec: display IPSec communication between the PIX and its IPSec peers<\/li>\n<\/ul>\n
Additional Reference<\/strong><\/h3>\n
PIX\/ASA 7.x: Simple PIX-to-PIX VPN Tunnel Configuration Example<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"yoast_head":"\n
PIX - VPN - Site 2 Site - Fir3net<\/title>\n