Need site-to-site example with both sides hiding IPs

Patrick.Beaven
Level 1

Does anyone have a few examples of site-to-site VPNs set up where you need to hide the private IP subnets on both sites? I can't find any good examples using static NAT statements, etc.

Thanks,

2 Replies

jvanwa1
Level 1

Pat,

Here is what I have on my PIX 6.3 going to a customer's Checkpoint. Right now I am the only one able to start up the IPSec VPN tunnel; don't know if I need to change something or they do, so they can initiate the tunnel.

static (inside,outside) 64.233.169.99 192.168.111.1 netmask 255.255.255.255 0 0
access-list onion permit ip host 64.233.169.99 host 71.18.55.123
access-list onion permit ip host 64.233.169.99 host 71.18.55.127
crypto ipsec transform-set cheese esp-3des esp-sha-hmac
crypto map hotdog 30 ipsec-isakmp
crypto map hotdog 30 match address onion
crypto map hotdog 30 set peer 71.18.55.4
crypto map hotdog 30 set transform-set cheese
crypto map hotdog interface outside
isakmp key ********** address 71.18.55.4 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp keepalive 10
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

This is very close to what I ended up doing!

Thanks,

Pat
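
An added example, not part of the thread and not Cisco's code: a small Python check over the config lines posted above that confirms every crypto ACL source is the translated (static) address rather than the real inside address, which is what keeps the private subnet out of the traffic the tunnel is negotiated for. It handles only host entries as in the reply; the function name `audit_nat_vpn` is an assumption made for this example.

```python
import re

# Config lines copied from the reply above (PIX 6.3 syntax).
PIX_CONFIG = """\
static (inside,outside) 64.233.169.99 192.168.111.1 netmask 255.255.255.255 0 0
access-list onion permit ip host 64.233.169.99 host 71.18.55.123
access-list onion permit ip host 64.233.169.99 host 71.18.55.127
crypto map hotdog 30 ipsec-isakmp
crypto map hotdog 30 match address onion
crypto map hotdog 30 set peer 71.18.55.4
crypto map hotdog 30 set transform-set cheese
crypto map hotdog interface outside
"""

def audit_nat_vpn(config):
    """Return findings where a crypto ACL would expose or miss NATed hosts."""
    statics = {}         # real (inside) address -> translated (outside) address
    acls = {}            # ACL name -> list of source hosts
    crypto_acls = set()  # ACL names referenced by a crypto map
    for line in config.splitlines():
        line = line.strip()
        # static (real_if,mapped_if) mapped_ip real_ip netmask 255.255.255.255
        if m := re.match(r"static \(\w+,\w+\) (\S+) (\S+) netmask 255\.255\.255\.255", line):
            statics[m.group(2)] = m.group(1)
        elif m := re.match(r"access-list (\S+) permit ip host (\S+) ", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"crypto map \S+ \d+ match address (\S+)", line):
            crypto_acls.add(m.group(1))
    findings = []
    for name in sorted(crypto_acls):
        if name not in acls:
            findings.append(f"crypto ACL {name} is not defined")
        for src in acls.get(name, []):
            if src in statics:
                # The ACL names the private address, so it would not be hidden.
                findings.append(f"{name}: source {src} is a real inside address; "
                                f"use its translated address {statics[src]}")
            elif src not in statics.values():
                findings.append(f"{name}: source {src} has no static translation")
    return findings

if __name__ == "__main__":
    print(audit_nat_vpn(PIX_CONFIG) or "crypto ACL sources are all translated addresses")
```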