Cisco Pix – Standard Site-To-Site VPN Setup

sysopt connection permit-ipsec
access-list CRYPTO-TO-SOLNA permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list NAT-0 permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0

nat (inside) 0 access-list NAT-0
isakmp enable outside
isakmp policy 100 encryption 3des
isakmp policy 100 hash sha
isakmp policy 100 authentication pre-share
isakmp policy 100 group 1
isakmp policy 100 lifetime 86400
isakmp key 1234567890 address 212.75.70.2
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map SOLNA 10 ipsec-isakmp
crypto map SOLNA 10 match address CRYPTO-TO-SOLNA
crypto map SOLNA 10 set peer 212.75.70.2
crypto map SOLNA 10 set transform-set ESP-3DES-SHA
crypto map SOLNA 10 set pfs group1
crypto map SOLNA 10 set security-association lifetime seconds 28800
crypto map SOLNA interface outside

sysopt connection permit-ipsec
access-list CRYPTO-TO-STHLM permit ip 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list NAT-0 permit ip 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0

nat (inside) 0 access-list NAT-0
isakmp enable outside
isakmp policy 100 encryption 3des
isakmp policy 100 hash sha
isakmp policy 100 authentication pre-share
isakmp policy 100 group 1
isakmp policy 100 lifetime 86400
isakmp key 1234567890 address 212.75.71.2
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map SOLNA 10 ipsec-isakmp
crypto map SOLNA 10 match address CRYPTO-TO-STHLM
crypto map SOLNA 10 set peer 212.75.71.2
crypto map SOLNA 10 set transform-set ESP-3DES-SHA
crypto map SOLNA 10 set pfs group1
crypto map SOLNA 10 set security-association lifetime seconds 28800
crypto map SOLNA interface outside

 

Leave a Reply