I am having trouble setting up a site-site VPN whilst also keeping my VPN Client 3.x working.
I am working with SITE1 until I get the site-site config entered without it killing my ability to connect to it with a VPN Client 3.x. Once it is up I will enter the config into SITE2, as SSH and VPN are my only methods of access to this remote device. If I kill VPN and something happens to the SSH then I will be hamstrung.
I am using Image 6.2(2) and PDM 2.1(1).
So my config is as follows:
name x.x.x.x site1
name x.x.x.x site2
name x.x.x.x site1_int_net
name x.x.x.x site2_int_net
access-list from-outside permit ip host site2 any
access-group from-outside in interface outside
access-list 101 permit ip site1_int_net 255.255.255.0 site2_int_net 255.255.255.0
nat (inside) 0 access-list 101
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set ESP-3DES-SHA
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map transam 1 ipsec-isakmp
crypto map transam 1 match address 101
crypto map transam 1 set peer site2
crypto map transam 1 set transform-set ESP-3DES-SHA
crypto map transam interface outside
isakmp enable outside
isakmp key ******** address site2 netmask 255.255.255.255
isakmp identity address
isakmp keepalive 10 10
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
vpngroup x address-pool vpnclientpool
vpngroup x wins-server x.x.x.x
vpngroup x default-domain x.x.x
vpngroup x split-tunnel nonat
vpngroup x idle-time 1800
vpngroup x password ********
Any help would be greatly appreciated.
Cheers,
Mark
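
An added example, not part of the original post: a small Python check over the crypto map lines of the posted configuration. It reports crypto maps that have entries but are never applied to an interface (only `transam` is applied to `outside` here, and an interface takes a single crypto map) and dynamic entries sequenced ahead of static ones. The function name, the finding labels and the `MERGED` variant are assumptions made for illustration.

```python
import re

# Crypto map lines copied from the posted configuration.
POSTED = """\
crypto dynamic-map dynmap 10 set transform-set ESP-3DES-SHA
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map transam 1 ipsec-isakmp
crypto map transam 1 match address 101
crypto map transam 1 set peer site2
crypto map transam 1 set transform-set ESP-3DES-SHA
crypto map transam interface outside
"""

# Constructed variant (assumption, not from the post): the dynamic-map entry
# is carried by the applied map at a higher sequence number.
MERGED = POSTED.replace("crypto map mymap 10", "crypto map transam 20")

ENTRY = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp(?: dynamic (\S+))?$")
BIND = re.compile(r"^crypto map (\S+) interface (\S+)$")

def audit_crypto_maps(config):
    """Return findings as (label, map_name, detail) tuples."""
    entries, bound = {}, set()
    for line in map(str.strip, config.splitlines()):
        if m := BIND.match(line):
            bound.add(m.group(1))
        elif m := ENTRY.match(line):
            entries.setdefault(m.group(1), []).append((int(m.group(2)), m.group(3)))
    findings = []
    for name, seqs in sorted(entries.items()):
        dynamic = [(s, d) for s, d in seqs if d]
        static = [s for s, d in seqs if d is None]
        if name not in bound:
            # Entries exist, but no "crypto map <name> interface ..." line.
            findings.append(("unbound", name, [d for _, d in dynamic]))
        for s, d in dynamic:
            # A dynamic entry ahead of a static one is evaluated first.
            if any(s < t for t in static):
                findings.append(("dynamic-before-static", name, d))
    return findings

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("merged", MERGED)):
        print(label, audit_crypto_maps(cfg))
```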