PIX 506 and Router 1841

zulqurnain
Level 3

Hi All,

I am trying to configure the crypto map, IPSec and ISAKMP on the 1841 just like I did on the PIX 506e when creating a VPN tunnel. The question is whether that is possible or not. On my PIX 506e I have it this way; how would I do the same thing on my 1841 router?

crypto ipsec transform-set des-set esp-des esp-md5-hmac

crypto ipsec transform-set 3des-set esp-3des esp-md5-hmac

crypto map vpn 10 ipsec-isakmp

crypto map vpn 10 match address vpn-is

crypto map vpn 10 set peer 10.5.0.10

crypto map vpn 10 set transform-set 3des-set

crypto map vpn interface outside

isakmp enable outside

isakmp key hateit address 10.5.0.10 netmask 255.255.255.255

isakmp identity address

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 hash md5

isakmp policy 1 group 1

isakmp policy 1 lifetime 86400

access-list vpn-is permit ip 192.168.15.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list vpn-is permit ip 192.168.15.0 255.255.255.0 192.168.7.0 255.255.255.0


m.sir
Level 7

1. create ISAKMP policy + peer + pre-shared key

crypto isakmp policy 1

authentication pre-share

encry 3des

hash md5

group 2

crypto isakmp key hateit address OUTSIDE_IP_OF_PIX

2. Create transform set

crypto ipsec transform-set 3des-set esp-3des esp-md5-hmac

3. Create ACL for traffic encryption (mirrored against PIX)

access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.15.0 0.0.0.255

access-list 110 permit ip 192.168.7.0 0.0.0.255 192.168.15.0 0.0.0.255

4. Create crypto map

crypto map vpn 10 ipsec-isakmp

set peer OUTSIDE_IP_OF_PIX

set transform-set 3des-set

match address 110

5. Apply crypto map to router interface where VPN is terminated (in your case the interface with IP 10.5.0.10 - let's say that it's fa 0/0)

interface FastEthernet0/0

crypto map vpn

M.

Hope that helps. Rate if it does.
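A peer-consistency check for the two configurations in this thread, as an added example (not code from either poster or from Cisco): it parses the PIX `isakmp policy` lines and the IOS `crypto isakmp policy` block, compares the phase 1 parameters both ends have to agree on, and checks that the two crypto ACLs are exact mirrors. The function names `phase1`, `crypto_acl` and `compare` and the keyword-abbreviation handling are assumptions of this sketch.

```python
import ipaddress
import re

# Sample input transcribed from the thread's lines, IOS keywords spaced as the CLI expects.
PIX_CFG = """\
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
access-list vpn-is permit ip 192.168.15.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list vpn-is permit ip 192.168.15.0 255.255.255.0 192.168.7.0 255.255.255.0
"""
IOS_CFG = """\
crypto isakmp policy 1
 authentication pre-share
 encry 3des
 hash md5
 group 2
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 110 permit ip 192.168.7.0 0.0.0.255 192.168.15.0 0.0.0.255
"""
KEYS = ("authentication", "encryption", "hash", "group")

def phase1(cfg):
    """IKE phase 1 settings from PIX 'isakmp policy N k v' or IOS sub-mode 'k v' lines (abbreviations allowed)."""
    found = {}
    for line in cfg.splitlines():
        words = re.sub(r"^(crypto )?isakmp policy \d+", "", line.strip()).split()
        key = next((k for k in KEYS if k.startswith(words[0])), None) if len(words) == 2 else None
        if key:
            found[key] = words[1]
    return found

def crypto_acl(cfg):
    """Set of (source, destination) networks; ip_network accepts netmasks (PIX) and wildcard masks (IOS)."""
    pairs = set()
    for m in re.finditer(r"permit ip (\S+) (\S+) (\S+) (\S+)", cfg):
        a, am, b, bm = m.groups()
        pairs.add((ipaddress.ip_network(f"{a}/{am}"), ipaddress.ip_network(f"{b}/{bm}")))
    return pairs

def compare(pix_cfg, ios_cfg):
    """Return (phase 1 keys whose values differ as {key: (pix, ios)}, True if the ACLs are mirrors)."""
    pix, ios = phase1(pix_cfg), phase1(ios_cfg)
    diffs = {k: (pix.get(k), ios.get(k)) for k in KEYS if pix.get(k) != ios.get(k)}
    mirrored = crypto_acl(pix_cfg) == {(d, s) for s, d in crypto_acl(ios_cfg)}
    return diffs, mirrored
```

Run on the lines posted in this thread, `compare(PIX_CFG, IOS_CFG)` reports mirrored ACLs and one phase 1 difference: Diffie-Hellman group 1 on the PIX against group 2 on the router. The two peers need a common ISAKMP policy (same encryption, hash, authentication and group) before phase 1 can complete.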
