3640 to 3640 ipsec vpn configuration
| beenframed 2001-12-13, 1:18 pm |
| I have been asked to set up an IPsec VPN between two 3640s, both of which are behind firewalls. Does anyone have links to good reference material that will help me out?
Thanks,
-bf | |
| MadChef 2001-12-14, 4:55 am |
| If the firewalls are doing NAT, it's very difficult to get IPSec to function properly between devices behind the firewalls because the firewall would need to change information in the header and that would break the hashing done by IPSec. The typical way around this that I know of is to encapsulate IPSec packets in UDP datagrams and then NAT those, but I don't know that IOS can do this.
The first thing I would recommend is trying to do this between your firewalls if possible. Failing that, start studying.
An introduction to IPSec:
http://www.cisco.com/warp/public/105/IPSECpart1.html
The IPSec support page with lots of links to configs:
http://www.cisco.com/cgi-bin/Suppor...etworking:IPSec
IPSec router to router w/ preshared keys:
http://www.cisco.com/warp/customer/...d_private.shtml
Good luck.
MadChef | |
| sidodgers 2001-12-16, 12:46 am |
| OK,
further to the above, on the firewall at each end you'll need to permit IP protocols 50 and 51 (ESP and AH, the 'new' and 'old' IPSec protocols respectively) and UDP port 500 from one end to the other. |
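
An added example, not part of the original thread: a simplified model of the AH (IP protocol 51) integrity check, showing the NAT problem MadChef describes, where a source-address rewrite invalidates the hash while an ordinary routed hop does not. It assumes HMAC-SHA1-96 as the integrity algorithm; the key, addresses, SPI and payload are constructed sample values.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"   # constructed sample key, not from the thread
AH_LEN = 24                     # 12-byte fixed AH header + 96-bit ICV

def ipv4_header(src, dst, payload_len, ttl=64):
    # ver/IHL, TOS, total length, ID, flags+frag, TTL, proto 51 (AH), checksum, src, dst
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, 51, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(hdr):
    # Fields routers may change in transit are zeroed before hashing:
    # TOS, flags/fragment offset, TTL, header checksum. Addresses are NOT zeroed.
    b = bytearray(hdr)
    b[1] = 0; b[6:8] = b"\0\0"; b[8] = 0; b[10:12] = b"\0\0"
    return bytes(b)

def ah_header(spi, seq, icv=b"\0" * 12):
    # next header 6 (TCP), length in 32-bit words minus 2, reserved, SPI, sequence, ICV
    return struct.pack("!BBHII", 6, AH_LEN // 4 - 2, 0, spi, seq) + icv

def ah_icv(ip_hdr, spi, seq, payload):
    # HMAC-SHA1-96 over immutable IP fields, AH header with a zeroed ICV, and payload
    data = zero_mutable(ip_hdr) + ah_header(spi, seq) + payload
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def protect(src, dst, payload, spi=0x100, seq=1):
    hdr = ipv4_header(src, dst, AH_LEN + len(payload))
    return hdr + ah_header(spi, seq, ah_icv(hdr, spi, seq, payload)) + payload

def forward(packet, nat_src=None):
    # Every hop decrements TTL; a NAT device also rewrites the source address.
    b = bytearray(packet)
    b[8] -= 1
    if nat_src:
        b[12:16] = socket.inet_aton(nat_src)
    return bytes(b)

def verify(packet):
    hdr, ah, payload = packet[:20], packet[20:20 + AH_LEN], packet[20 + AH_LEN:]
    spi, seq = struct.unpack("!II", ah[4:12])
    return hmac.compare_digest(ah[12:], ah_icv(hdr, spi, seq, payload))

if __name__ == "__main__":
    pkt = protect("10.1.1.2", "198.51.100.20", b"constructed payload")
    print("plain routed hop:", verify(forward(pkt)))                         # True
    print("hop through NAT :", verify(forward(pkt, nat_src="203.0.113.5")))  # False
```

Only AH authenticates the outer IP addresses this way; ESP's integrity check starts at the ESP header, so NAT affects ESP differently (for example, it carries no port numbers for a port-translating firewall to work with).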