VPN With Pre-Shared Keys - Page 6

 By Cisco Press

The listing of this configuration follows. This is virtually the same configuration as the previous example, with a few minor changes. First, you have to implement a global pool for use with NAT for data traveling to the branch office. Second, you have to remove the lines associated with the nat 0 command for data traveling to the branch office. Third, you have to create a new access list called nattobranch, which is used by NAT to change the source address of the packets so that these packets appear to originate from the network.

 hostname mainofficepix
 nameif ethernet0 outside security0
 nameif ethernet1 inside security100
 interface ethernet0 auto
 interface ethernet1 auto
 mtu outside 1500
 mtu inside 1500
 ip address outside
 ip address inside
 global (outside) 1
 global (outside) 1
 access-list nattobranch permit ip
 nat (inside) 1 access-list nattobranch
 sysopt connection permit-ipsec
 crypto ipsec transform-set maintransformset esp-des esp-md5-hmac
 crypto map mymap 10 ipsec-isakmp
 crypto map mymap 10 match address nattobranch
 crypto map mymap 10 set peer
 crypto map mymap 10 set transform-set maintransformset
 crypto map mymap interface outside
 isakmp enable outside
 isakmp key mysharedkey address netmask
 isakmp policy 10 authentication pre-share
 isakmp policy 10 encryption des
 isakmp policy 10 hash md5
 isakmp policy 10 group 1
 isakmp policy 10 lifetime 768
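
As an added check that is not part of the book's listing: the Python below cross-references a PIX configuration of the shape shown above, confirming that the crypto map's match address and transform-set and the nat statement's access list name objects that are actually defined, that the crypto map is bound to the interface on which ISAKMP is enabled, that a pre-shared key exists, and flagging the DES/MD5/group 1 policy settings as weak. The sample configuration and its addresses are constructed placeholders, not the book's values.

```python
import re
from typing import List

# Constructed sample modelled on the page's listing (PIX 6.x syntax); the
# addresses are documentation placeholders, not the book's values.
SAMPLE_CONFIG = """\
global (outside) 1 192.0.2.10-192.0.2.20 netmask 255.255.255.0
access-list nattobranch permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 1 access-list nattobranch
crypto ipsec transform-set maintransformset esp-des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
crypto map mymap 10 match address nattobranch
crypto map mymap 10 set peer 198.51.100.1
crypto map mymap 10 set transform-set maintransformset
crypto map mymap interface outside
isakmp enable outside
isakmp key mysharedkey address 198.51.100.1 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
"""

# Settings used by the page's ISAKMP policy that are no longer adequate.
WEAK_ISAKMP = {"encryption des": "single DES", "hash md5": "MD5", "group 1": "768-bit DH group 1"}

def audit_pix_vpn(config: str) -> List[str]:
    """Cross-check crypto map, NAT and ISAKMP lines; return a list of findings."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    acls = {m[1] for ln in lines if (m := re.match(r"access-list (\S+)", ln))}
    tsets = {m[1] for ln in lines if (m := re.match(r"crypto ipsec transform-set (\S+)", ln))}
    findings = []
    for ln in lines:
        # Every name a crypto map or nat statement refers to must be defined somewhere.
        if (m := re.match(r"crypto map \S+ \d+ match address (\S+)", ln)) and m[1] not in acls:
            findings.append(f"crypto map references undefined ACL {m[1]}")
        elif (m := re.match(r"crypto map \S+ \d+ set transform-set (\S+)", ln)) and m[1] not in tsets:
            findings.append(f"crypto map references undefined transform-set {m[1]}")
        elif (m := re.match(r"nat \(\S+\) [1-9]\d* access-list (\S+)", ln)) and m[1] not in acls:
            findings.append(f"nat references undefined ACL {m[1]}")
        elif m := re.match(r"isakmp policy \d+ (encryption des|hash md5|group 1)$", ln):
            findings.append(f"weak ISAKMP setting: {WEAK_ISAKMP[m[1]]}")
    # The crypto map must be applied to an interface where ISAKMP is enabled.
    bound = {m[1] for ln in lines if (m := re.match(r"crypto map \S+ interface (\S+)", ln))}
    enabled = {m[1] for ln in lines if (m := re.match(r"isakmp enable (\S+)", ln))}
    if not bound & enabled:
        findings.append("crypto map is not bound to an interface with isakmp enabled")
    if not any(re.match(r"isakmp key \S+ address \S+", ln) for ln in lines):
        findings.append("no pre-shared key configured for any peer")
    return findings
```

Run against the sample, the only findings are the three weak-algorithm notes; delete the access-list line or the isakmp enable line and the dangling references are reported.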

From Cisco Secure Internet Security Solutions

Summary
This chapter has shown how to configure the PIX Firewall in many different ways. It started with the most basic form before moving to a more realistic configuration. This realistic configuration, allowing users through to specific services, should prove adequate for most companies that do not require the use of a DMZ.

The chapter then moved on to explore using single and multiple DMZs, along with AAA services and other examples of connections possible with the PIX Firewall. These configurations provide examples that are applicable to larger organizations.

This article was originally published on Oct 30, 2001