Keeping Your Cisco VPN Secure - Page 4

By  Cisco Press | Oct 23, 2001

Finally, permit IPSec packets into the network with the sysopt command.

 sysopt connection permit-ipsec

The branch office PIX configuration is almost identical. The following section points out where it differs.

The branch office PIX has a different outside IP address.

 ip address outside 172.30.1.2 255.255.255.252

The access list must reflect the main office's IP addresses.

 access-list 20 permit 10.1.1.0 255.255.255.0

The peer is the outside IP address of the main office's PIX.

 crypto map mymap 10 set peer 172.30.1.1

The session keys for the branch office are configured in the opposite order from those on the main office's PIX. The inbound key on one side of a connection must equal the outbound key on the opposite side of the connection. The inbound AH session key on the branch office must match the outbound AH session key on the main office's PIX in order for the connection to be established. Likewise, the inbound ESP session key matches the main office's outbound ESP session key and the outbound ESP session key matches the main office's inbound ESP session key:

 crypto map mymap 10 set session-key inbound ah 300
     bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
 crypto map mymap 10 set session-key outbound ah 400
     aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 crypto map mymap 10 set session-key inbound esp 300 cipher
     dddddddddddddddddddddddddddddddd
 crypto map mymap 10 set session-key outbound esp 400 cipher
     cccccccccccccccccccccccccccccccc
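
An added example (not from the book or from Cisco): a Python check that the manual session keys on two PIX peers mirror each other as described above, inbound on one side against outbound on the other, for both SPI and key. The main office text is constructed here by swapping the directions of the branch lines shown in the article, and the function names are assumptions of this example.

```python
import re

# direction, protocol, SPI, optional "cipher" keyword, then the hex key
SESSION_KEY = re.compile(
    r"crypto map \S+ \d+ set session-key (inbound|outbound) (ah|esp) (\d+)"
    r"(?: cipher)? ([0-9a-fA-F]+)\b"
)

def parse_session_keys(config):
    """Return {(direction, protocol): (spi, key)} from PIX configuration text."""
    # Collapse whitespace so a key wrapped onto the next line rejoins its command.
    flat = " ".join(config.split())
    return {(d, p): (int(spi), key.lower())
            for d, p, spi, key in SESSION_KEY.findall(flat)}

def check_mirror(local, remote):
    """List mismatches; empty means every SA mirrors the peer's opposite direction."""
    problems = []
    for proto in ("ah", "esp"):
        for here, there in (("inbound", "outbound"), ("outbound", "inbound")):
            mine, theirs = local.get((here, proto)), remote.get((there, proto))
            if mine is None and theirs is None:
                continue  # protocol not used by this crypto map entry
            if mine is None or theirs is None:
                problems.append(f"{proto} {here}: no matching {there} entry on peer")
            elif mine[0] != theirs[0]:
                problems.append(f"{proto} {here}: SPI {mine[0]} != peer {there} SPI {theirs[0]}")
            elif mine[1] != theirs[1]:
                # Report the fact only; never print key material.
                problems.append(f"{proto} {here}: key differs from peer {there} key")
    return problems

# Branch office lines as shown in the article (placeholder keys).
BRANCH = """
crypto map mymap 10 set session-key inbound ah 300
    bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
crypto map mymap 10 set session-key outbound ah 400
    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
crypto map mymap 10 set session-key inbound esp 300 cipher
    dddddddddddddddddddddddddddddddd
crypto map mymap 10 set session-key outbound esp 400 cipher
    cccccccccccccccccccccccccccccccc
"""
# Constructed main office side: the branch lines with directions swapped.
MAIN = BRANCH.replace("inbound", "TMP").replace("outbound", "inbound").replace("TMP", "outbound")

if __name__ == "__main__":
    print(check_mirror(parse_session_keys(BRANCH), parse_session_keys(MAIN)) or "mirrored")
```

Pasting the same configuration unchanged onto both peers fails this check on all four entries, because each inbound SPI then faces the peer's differing outbound SPI.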

Our next segment will conclude Chapter 4 of Cisco Secure Internet Security Solutions, and will cover an explanation and configuration of VPN with Preshared Keys, obtaining Certificate Authorities, and PIX-to-PIX configuration.
