The following config examples at Cisco's website should be everything you need. If you have any more questions just post back; I'll be more than happy to help you.
PHASE2 is known as the encryption/decryption phase; these statements define how the data will be encrypted at one end and decrypted at the other, once hosts or clients have been authenticated.
Finally, the whole process is triggered by an access-list defined within PHASE2; see statement: crypto map toWorld 10 match address 90.
A part of the start-up config would be an access-list defined as access-list 90 (interesting traffic). This would control which outbound traffic to send through the VPN tunnel.
Here are some commands that can help with troubleshooting IPSec on the PIX side:
debug crypto engine - Display debug messages about crypto engines, which perform encryption and decryption.
debug crypto isakmp - Display messages about IKE events.
debug crypto ipsec - Display IPSec events.
show crypto isakmp sa - View all current IKE security associations (SAs) at a peer.
show crypto ipsec sa - View the settings used by current security associations.
clear crypto isakmp - (from configuration mode) Clear all active IKE connections.
clear crypto sa - (from configuration mode) Delete all IPSec security associations.
logging on
logging buffer 4
logging monitor 3
terminal monitor - view debug messages on a telnet session.
terminal no monitor - stop viewing debug messages.
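
For reference, a sketch of how access-list 90 and the crypto map toWorld statement described above fit into a site-to-site configuration. This is an added example, not part of the original post or of Cisco's linked samples. It assumes PIX 6.3 command syntax; the addresses, the transform-set name tunnelSet, the policy number and the key placeholder are constructed for illustration.

```cisco
!--- Annotation lines start with "!---"; leave them out when entering the commands.
!--- Interesting traffic: local LAN to remote LAN (constructed addresses).
access-list 90 permit ip 192.168.1.0 255.255.255.0 10.2.2.0 255.255.255.0
!--- Exempt the same traffic from NAT so it still matches access-list 90.
nat (inside) 0 access-list 90
!--- Let decrypted IPSec traffic bypass the interface access lists.
sysopt connection permit-ipsec

!--- PHASE1 (IKE): authenticate the peer (placeholder key, constructed peer address).
isakmp enable outside
isakmp identity address
isakmp key <PRE-SHARED-KEY> address 203.0.113.2 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 5
isakmp policy 10 lifetime 86400

!--- PHASE2 (IPSec): how the data is encrypted and decrypted.
crypto ipsec transform-set tunnelSet esp-aes-256 esp-sha-hmac
crypto map toWorld 10 ipsec-isakmp
!--- Only traffic permitted by access-list 90 triggers and uses the tunnel.
crypto map toWorld 10 match address 90
crypto map toWorld 10 set peer 203.0.113.2
crypto map toWorld 10 set transform-set tunnelSet
crypto map toWorld interface outside
```

The peer needs the mirror image of access-list 90 (source and destination swapped) and matching Phase 1 and Phase 2 proposals. If they differ, the negotiation fails and the mismatch is visible in the debug crypto isakmp and debug crypto ipsec output.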