TOPIC: Pix 515e site 2 site VPN

Pix 515e site 2 site VPN 9 years 11 months ago #19115

  • psiclonius
Hi,

First off, this is the first site-to-site I have set up from start to finish. I want to set up a tunnel with a client to access their mainframe. My inside addresses allowed through will be 192.168.16.8/29, and access 2 IPs on the client's side. In PDM I created 2 object groups called Baptistinside (192.168.16.8/29) and Baptist outside (mainframe and intranet side). We agreed on the following policy:
IKE
3DES
Pre-shared keys
SHA/HMAC-128
DH-Group Group2
Lifetime 86400

IPSec
ESP/SHA/HMAC-128
3DES
lifetime 28800

I had an IKE policy that met the requirement. I created a new transform set in PDM called baptist (command preview)
'crypto ipsec transform-set Baptist esp-3des esp-sha-hmac'
Then I created an IPSec rule (in PDM) using the object groups I created.


access-list nonat line 12 permit ip object-group Baptistinside object-group Baptist_outside
nat (inside) 0 access-list nonat
access-list outside_cryptomap_22 remark Rule to access Batist Health System Imageing 10.x.x.x and mainframe 10.x.x.x
access-list outside_cryptomap_22 permit ip object-group Baptistinside object-group Baptist_outside
crypto map P2PVPNS 22 set peer 70.x.x.x
crypto map P2PVPNS 22 match address outside_cryptomap_22
crypto map P2PVPNS 22 set transform-set Baptist
crypto map P2PVPNS 22 set security-association lifetime seconds 28800 kilobytes 4608000
crypto map P2PVPNS interface outside

but it returns this:

[OK] access-list nonat line 12 permit ip object-group Baptistinside object-group Baptist_outside
[OK] nat (inside) 0 access-list nonat
[OK] access-list outside_cryptomap_22 remark Rule to access Batist Health System Imageing 10.x.x.x and mainframe 10.x.x.x
[OK] access-list outside_cryptomap_22 permit ip object-group Baptistinside object-group Baptist_outside
[ERR]crypto map P2PVPNS 22 set peer 70.x.x.x
WARNING: This crypto map is incomplete.
To remedy the situation add a peer and a valid access-list to this crypto map.
[OK] crypto map P2PVPNS 22 match address outside_cryptomap_22
[OK] crypto map P2PVPNS 22 set transform-set Baptist
[OK] crypto map P2PVPNS 22 set security-association lifetime seconds 28800 kilobytes 4608000
[OK] crypto map P2PVPNS interface outside

Not sure what I'm doing wrong?
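
Added example, not part of the original post and not Cisco's or PDM's own logic: a Python check that reads PIX-style commands and reports, for each crypto map entry, whether the peer, access-list and transform-set are present and defined in the same command set. The sample is constructed from the commands quoted in the post, and comparing names as exact strings is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample: commands quoted in the post, in the order PDM sent them.
SAMPLE = """\
crypto ipsec transform-set Baptist esp-3des esp-sha-hmac
access-list nonat line 12 permit ip object-group Baptistinside object-group Baptist_outside
access-list outside_cryptomap_22 permit ip object-group Baptistinside object-group Baptist_outside
crypto map P2PVPNS 22 set peer 70.x.x.x
crypto map P2PVPNS 22 match address outside_cryptomap_22
crypto map P2PVPNS 22 set transform-set Baptist
crypto map P2PVPNS interface outside
"""

ENTRY = re.compile(r"^crypto map (\S+) (\d+) (set peer|match address|set transform-set) (\S+)")

def audit(config):
    """Return {(map_name, seq): [problems]} for every crypto map entry seen."""
    acls, tsets, entries = set(), set(), defaultdict(dict)
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("access-list "):
            acls.add(line.split()[1])            # ACL name follows the keyword
        elif line.startswith("crypto ipsec transform-set "):
            tsets.add(line.split()[3])           # transform-set name
        else:
            m = ENTRY.match(line)
            if m:
                entries[(m.group(1), int(m.group(2)))][m.group(3)] = m.group(4)
    report = {}
    for key, e in sorted(entries.items()):
        problems = []
        if "set peer" not in e:
            problems.append("no peer")
        if "match address" not in e:
            problems.append("no access-list")
        elif e["match address"] not in acls:     # exact-string match (assumption)
            problems.append("access-list %s not defined" % e["match address"])
        if "set transform-set" not in e:
            problems.append("no transform-set")
        elif e["set transform-set"] not in tsets:
            problems.append("transform-set %s not defined" % e["set transform-set"])
        report[key] = problems
    return report

if __name__ == "__main__":
    for (name, seq), problems in audit(SAMPLE).items():
        print(name, seq, "complete" if not problems else "; ".join(problems))
```

Passing only the first part of a command list to `audit` shows what an entry still lacks at that point in the sequence.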