alt.certification.cisco - Cisco PIX VPN Easy Question

Author

Cisco PIX VPN Easy Question

Bigmaggot

2003-09-24, 10:27 am

We need to allow a Hardware VPN from a Vigor 2600 router to a Cisco 515E
router. We want to use a shared IKE key for IPSEC and are not too sure how
to set this so any help would be appreciated. Would the following work or
would we need additional commands:

crypto ipsec transform-set transset1 esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set transset1
crypto map remotemap 10 ipsec-isakmp dynamic dynmap
crypto map remotemap client configuration address initiate
crypto map remotemap client configuration address respond
crypto map remotemap client authentication win2kiasauth
crypto map remotemap interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp client configuration address-pool local remote-vpn outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 28800
isakmp policy 11 authentication pre-share
isakmp policy 11 encryption des
isakmp policy 11 hash md5
isakmp policy 11 group 2
isakmp policy 11 lifetime 28800

TIA

Andy

Pieter Jan Bakhuijzen

2003-09-24, 11:26 am

I would also add the sysopt connection permit-ipsec command...

PJB

"Bigmaggot" < bigmaggotnews@dontforgettoremo
vethis.blueyonder.co.uk> wrote in
message news:vn373m27alnfa2@corp.supernews.com...
> We need to allow a Hardware VPN from a Vigor 2600 router to a Cisco 515E
> router. We want to use a shared IKE key for IPSEC and are not too sure how
> to set this so any help would be appreciated. Would the following work or
> would we need additional commands:
>
> crypto ipsec transform-set transset1 esp-des esp-md5-hmac
> crypto dynamic-map dynmap 10 set transform-set transset1
> crypto map remotemap 10 ipsec-isakmp dynamic dynmap
> crypto map remotemap client configuration address initiate
> crypto map remotemap client configuration address respond
> crypto map remotemap client authentication win2kiasauth
> crypto map remotemap interface outside
> isakmp enable outside
> isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
> isakmp identity address
> isakmp client configuration address-pool local remote-vpn outside
> isakmp policy 10 authentication pre-share
> isakmp policy 10 encryption des
> isakmp policy 10 hash md5
> isakmp policy 10 group 1
> isakmp policy 10 lifetime 28800
> isakmp policy 11 authentication pre-share
> isakmp policy 11 encryption des
> isakmp policy 11 hash md5
> isakmp policy 11 group 2
> isakmp policy 11 lifetime 28800
>
> TIA
>
> Andy
>
>

Sponsored Links