Versions Compared

Old Version 2

changes.mady.by.user Adam Melong

Saved on

compared with

New Version 3

changes.mady.by.user Adam Melong

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

How to configure Site to Site VPN

How to configure Site to Site VPN

  1. Define a host name:
    Code Block
    hostname NewYork
  2. Configure an ISAKMP policy:
    Code Block
    isakmp enable outside isakmp policy 9 authentication pre-share isakmp policy 9 encrypt 3des
  3. Configure a pre-shared key and associate with the peer:
    Code Block
    crypto isakmp key cisco1234 address 209.165.200.229
  4. Configure the supported IPSec transforms:
    Code Block
    crypto ipsec transform-set strong esp-3des esp-sha-hmac
  5. Create an access list:
    Code Block
    access-list 90 permit ip 192.168.12.0 255.255.255.0 10.0.0.0 255.0.0.0
    This access list defines traffic from network 192.168.12.0 to 10.0.0.0. Both of these networks use unregistered addresses.
    Note Steps 5 and 6 are not required if you want to enable NAT for all traffic.
  6. Exclude traffic between the intranets from NAT:
    Code Block
    nat 0 access-list 90
    This excludes traffic matching access list 90 from NAT. The nat 0 command is always processed before any other nat commands.
  7. Enable NAT for all other traffic:
    Code Block
    nat (inside) 1 0 0
  8. Assign a pool of global addresses for NAT and PAT:
    Code Block
    global (outside) 1 209.165.201.9-209.165.201.30 
global (outside) 1 209.165.201.8
    The pool of registered addresses are only used for connections to the public Internet.
  9. Define a crypto map:crypto map toSanJose 20 c
    Code Block
    rypto map toSanJose 20 ipsec-isakmp crypto map toSanJose 20 match address 90 crypto map toSanJose 20 set transform-set strong crypto map toSanJose 20 set peer 209.165.200.229
  10. Apply the crypto map to the outside interface:
    Code Block
    crypto map toSanJose interface outside
  11. Specify that IPSec traffic be implicitly trusted (permitted):
    Code Block
    sysopt connection permit-ipsec

Password Recovery

Performing password recovery on the security appliance erases the login password, enable password, and aaa authentication console commands. To erase these commands so you can log in with the default passwords, perform the following steps:Step 1 Download the PIX password tool from Cisco.com to a TFTP server accessible from the security appliance. See the link in the "Password Recovery Procedure for the PIX" document at the following URL:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a0080
09478brecovery09186a008009478b.shtmlImage Added

Step 2 Connect to the security appliance console port according to the "Accessing the Command-Line Interface" section on page 2-1.
Step 3 Power off the security appliance, and then power it on.

...