Hello all -
I have a PIX 515 that has many site-to-site tunnels configured and functional. Now I need to add software VPN client functionality to this PIX. I tried once a while back, but whatever I did ended up breaking the hardware VPNs so I took that out real quick. I will post what I hope are relevant pieces of the config.
Thanks ahead of time!
access-list NONAT permit ip 192.168.51.0 255.255.255.0 192.168.122.64 255.255.255.224
access-list NONAT permit ip 192.168.51.0 255.255.255.0 192.168.122.32 255.255.255.224
access-list IPTMONTI permit ip 192.168.51.0 255.255.255.0 192.168.122.64 255.255.255.224
access-list IPTCRAPIDS permit ip 192.168.51.0 255.255.255.0 192.168.122.32 255.255.255.224
nat (inside) 0 access-list NONAT
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
sysopt connection permit-ipsec
crypto ipsec transform-set TEKTRANSFORM esp-des esp-sha-hmac
crypto ipsec transform-set 3DESMD5 esp-3des esp-md5-hmac
crypto map VPNCLIENT 1222 match address IPTCRAPIDS
crypto map VPNCLIENT 1222 set peer 71.x.x.33
crypto map VPNCLIENT 1222 set transform-set 3DESMD5
crypto map VPNCLIENT 1223 ipsec-isakmp
crypto map VPNCLIENT 1223 match address IPTMONTI
crypto map VPNCLIENT 1223 set peer 71.x.x.34
crypto map VPNCLIENT 1223 set transform-set 3DESMD5
crypto map VPNCLIENT interface outside
isakmp enable outside
isakmp key ******** address x.x.x.x netmask 255.255.255.255
isakmp key ******** address x.x.x.x netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption 3des
isakmp policy 2 hash md5
isakmp policy 2 group 2
isakmp policy 2 lifetime 28800
If anyone can help me add the settings for the software VPN without breaking the rest of them I will greatly appreciate it.
Thanks!!
<<Witty Signature>>