Config Site 2 Site VPN example:
PIX Firewall configuration version 6.3.x
access-list acs-outside permit udp host VPNPeer host MyPublicIP eq isakmp
access-list acs-outside permit esp host VPNPeer host MyPublicIP
access-list acs-outside permit ah host VPNPeer host MyPublicIP
access-group acs-outside in interface outside
STEP 1 - Configure IKE
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
Isakmp identity address
isakmp key your-vpn-password address PEER-IP netmask 255.255.255.255
STEP 2 - Configure IPSEC
access-list NONAT permit ip Internalnet ISubnet Externalnet Esubnet
global (outside) 1 interface
nat (inside) 0 access-list NONAT
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-list VPN permit ip Internalnet ISubnet Externalnet Esubnet
crypto ipsec transform-set TRANS esp-des esp-md5-hmac
crypto map REMOTE 10 ipsec-isakmp
crypto map REMOTE 10 match address VPN
crypto map REMOTE 10 set peer PEER-IP
crypto map REMOTE 10 set transform-set TRANS
crypto map REMOTE interface outside
