09-20-2007 02:11 AM - edited 03-03-2019 06:50 PM
hi all,
i have one pix 515E on which we have configured a VPN site-to-site with our partner, now we want to move the VPN to a Router 1841, all i would like to know that if anyone can guide me or help me in converting the VPN configuration on PIX515E to Router 1841 so that i can set it up.
the pix 515E vpn configuration is as following
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 172.16.7.5
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 172.16.8.15
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 192.168.108.122
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 192.168.108.61
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 172.16.5.56
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 172.18.13.25
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 172.16.5.93
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 172.16.5.100
access-list xyzcompany permit ip host 10.60.72.201 host 172.16.5.56
access-list xyzcompany permit ip 10.60.72.128 255.255.255.128 host 172.19.5.32
!
sysopt connection permit-ipsec
crypto ipsec transform-set xyzcompany esp-3des esp-md5-hmac
crypto map transam 20 ipsec-isakmp
crypto map transam 20 match address xyzcompany
crypto map transam 20 set peer 1.170.2.85
crypto map transam 20 set transform-set xyzcompany
crypto map transam 20 set security-association lifetime seconds 3600 kilobytes 4608000
crypto map transam interface outside
isakmp enable outside
isakmp key 1234xcv address 1.170.2.85 netmask 255.255.255.255
isakmp identity address
isakmp keepalive 10 30
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
09-20-2007 08:21 PM
Hi,
Here you go..
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto ipsec transform-set xyzcompany esp-3des esp-md5-hmac
crypto isakmp key 1234xcv address 1.170.2.85 no-xauth
crypto map transam 20 ipsec-isakmp
set peer 1.170.2.85
set transform-set xyzcompany
match address xyzcompany
ip access-list extended xyzcompany
permit ip 10.60.72.128 0.0.0.127 host 172.16.7.5
permit ip 10.60.72.128 0.0.0.127 host 172.16.8.15
permit ip 10.60.72.128 0.0.0.127 host 192.168.108.122
permit ip 10.60.72.128 0.0.0.127 host 192.168.108.61
permit ip 10.60.72.128 0.0.0.127 host 172.16.5.56
permit ip 10.60.72.128 0.0.0.127 host 172.18.13.25
permit ip 10.60.72.128 0.0.0.127 host 172.16.5.93
permit ip 10.60.72.128 0.0.0.127 host 172.16.5.100
permit ip host 10.60.72.201 host 172.16.5.56
permit ip 10.60.72.128 0.0.0.127 host 172.19.5.32
interface GigabitEthernet0/0
ip address 1.1.1.1 255.255.255.0
duplex auto
speed auto
crypto map transam
end
I hope it helps.
Regards
Arul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide