05-25-2012 04:57 AM - edited 02-21-2020 04:39 AM
Hi,
As I am trying to create site to site VPN.
The other side they have given me parameters.
Phase 2 parameter is esp-3des esp-sha-hmac.
SIM IP subnet is 10.85.170.0/23 and VPN gateway is 41.220.75.1
IKE Encryption (Phase 1): 3DES
IKE Hash (Phase 1): SHA1
IKE Diffie-Hellman Group: 2
IKE lifetime: (default 86400 seconds)
IPSEC Phase 2 Encryption: 3DES
IPSEC Phase 2 Hash: SHA1
As based on this parameters i have done configuration.
crypto ipsec transform-set xxxxx esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map IPSec_map 10 match address fasttrack
crypto map IPSec_map 10 set peer 41.220.75.1
crypto map IPSec_map 10 set transform-set xxxx
crypto map IPSec_map interface OUTSIDE
crypto isakmp enable OUTSIDE
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2sh
lifetime 86400
tunnel-group 41.220.75.1 type ipsec-l2l
tunnel-group 41.220.75.1 ipsec-attributes
pre-shared-key xxxxxx
access-list fasttrack extended permit ip 10.85.170.0 255.255.254.0 host 63.173.33.69
crypto isakmp enable OUTSIDE
Can any one can tell my configuration is correct.
thanks,
05-25-2012 05:29 AM
Hi Varun,
I am expecting you reply.
Thanks,
05-25-2012 05:51 AM
Hi Hemant,
The configuration is good, you can refer to this config example also:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml
Thanks,
Varun Rao
Security Team,
Cisco TAC
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide