05-25-2012 04:57 AM - edited 02-21-2020 04:39 AM
Hi,
As I am trying to create site to site VPN.
The other side they have given me parameters.
Phase 2 parameter is esp-3des esp-sha-hmac.
SIM IP subnet is 10.85.170.0/23 and VPN gateway is 41.220.75.1
IKE Encryption (Phase 1): 3DES
IKE Hash (Phase 1): SHA1
IKE Diffie-Hellman Group: 2
IKE lifetime: (default 86400 seconds)
IPSEC Phase 2 Encryption: 3DES
IPSEC Phase 2 Hash: SHA1
As based on this parameters i have done configuration.
crypto ipsec transform-set xxxxx esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map IPSec_map 10 match address fasttrack
crypto map IPSec_map 10 set peer 41.220.75.1
crypto map IPSec_map 10 set transform-set xxxx
crypto map IPSec_map interface OUTSIDE
crypto isakmp enable OUTSIDE
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2sh
lifetime 86400
tunnel-group 41.220.75.1 type ipsec-l2l
tunnel-group 41.220.75.1 ipsec-attributes
pre-shared-key xxxxxx
access-list fasttrack extended permit ip 10.85.170.0 255.255.254.0 host 63.173.33.69
crypto isakmp enable OUTSIDE
Can any one can tell my configuration is correct.
thanks,
05-25-2012 05:29 AM
Hi Varun,
I am expecting you reply.
Thanks,
05-25-2012 05:51 AM
Hi Hemant,
The configuration is good, you can refer to this config example also:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml
Thanks,
Varun Rao
Security Team,
Cisco TAC
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: