{"id":232,"date":"2009-04-26T19:03:43","date_gmt":"2009-04-26T19:03:43","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2009\/04\/26\/pix-asa-80416-site-to-site-vpn-sample-config\/"},"modified":"2021-07-24T19:09:15","modified_gmt":"2021-07-24T19:09:15","slug":"pix-asa-80416-site-to-site-vpn-sample-config","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/pix-asa-80416-site-to-site-vpn-sample-config.html","title":{"rendered":"PIX \/ ASA 8.0(4)16 – Site to Site VPN Sample Config"},"content":{"rendered":"
Below is a sample config for 2 site-to-site VPNs from a PIX running 8.0(4)16. One peer is 192.168.2.100 and the other is 192.168.1.100.<\/p>\n
Please note: this isn’t a tutorial, merely a sample config that can be used as a reference point.<\/p>\n
isakmp enable outside
isakmp policy 10
encryption des
hash md5
authentication pre-share
group 1
lifetime 86400<\/p>
isakmp key CISCO1 address 192.168.1.100 netmask 255.255.255.255 no-xauth
isakmp key CISCO1 address 192.168.2.100 netmask 255.255.255.255 no-xauth<\/p>
access-list JuniperEncDomain permit ip 172.16.3.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list CheckPointEncDomain permit ip 172.16.3.0 255.255.255.0 10.1.1.0 255.255.255.0<\/p>
access-list nonat permit ip 172.16.3.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list nonat permit ip 172.16.3.0 255.255.255.0 172.28.16.0 255.255.255.0
nat (inside) 0 access-list nonat<\/p>
crypto ipsec transform-set trans-set esp-des esp-md5-hmac
crypto map crypto_map 10 ipsec-isakmp
crypto map crypto_map 10 match address JuniperEncDomain
crypto map crypto_map 10 set peer 192.168.1.100
crypto map crypto_map 10 set transform-set trans-set
crypto map crypto_map 10 set security-association lifetime seconds 3600<\/p>
crypto map crypto_map 20 ipsec-isakmp
crypto map crypto_map 20 match address CheckPointEncDomain
crypto map crypto_map 20 set peer 192.168.2.100
crypto map crypto_map 20 set transform-set trans-set
crypto map crypto_map 20 set security-association lifetime seconds 3600<\/p>
crypto map crypto_map interface outside
crypto isakmp identity address<\/p> <\/pre>\nThings to note:<\/p>\n
\n
- The number that follows the crypto map name, and the number that follows isakmp policy, is a sequence (priority) number.<\/li>\n
- Only one crypto map can be assigned to the same interface.<\/li>\n
- For the access-lists, an object group containing the encryption domains may be useful for future VPN administration.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"
Below is a sample config for 2 site-to-site VPNs from a PIX running 8.0(4)16. One peer is 192.168.2.100 and the other is 192.168.1.100. Please note: this isn’t a tutorial, merely a sample config that can be used as a reference point. isakmp enable outside isakmp policy 10 encryption des … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"yoast_head":"\n
PIX \/ ASA 8.0(4)16 - Site to Site VPN Sample Config - Fir3net<\/title>\n