| Rev | Author | # | Line |
|---|---|---|---|
| 1 | LindsayDruett | 1 | !!!Netscreen to Cisco VPN Connection. |
| 2 | |||
| 3 | In this example, Cisco routers (here a Cisco 831 and a Cisco 837) at remote sites connect to a main site that has a NetScreen 5XT firewall. | ||
| 4 | |||
| 5 | |||
| 6 | Cisco 831/837 router VPN Configuration. | ||
| 7 | |||
| 8 | |||
| 9 | <verbatim> | ||
| 10 | crypto keyring merope | ||
| 11 | pre-shared-key address <<NetScreen untrust ip address>> key <<key>> | ||
| 12 | ! IKE phase 1 policy: 3DES encryption, MD5 hash, pre-shared-key authentication, DH group 2. NOTE(review): 3DES, MD5 and group 2 are legacy choices; if stronger ones are selected (where both devices support them), the NetScreen phase 1 proposal has to be changed to match. | ||
| 13 | crypto isakmp policy 10 | ||
| 14 | encr 3des | ||
| 15 | hash md5 | ||
| 16 | authentication pre-share | ||
| 17 | group 2 | ||
| 18 | crypto isakmp identity hostname | ||
| 19 | crypto isakmp profile vpn-connection | ||
| 20 | description VPN Connection to Main Site | ||
| 21 | keyring merope | ||
| 22 | self-identity user-fqdn <<hostname>>@<<domain name>> | ||
| 23 | match identity address <<NetScreen untrust ip address>> 255.255.255.255 | ||
| 24 | initiate mode aggressive | ||
| 25 | ! NOTE(review): the profile above initiates IKE in aggressive mode with a pre-shared key. Aggressive mode sends a hash derived from that key without encryption, so <<key>> should be long and random; main mode or certificate authentication avoids the exposure where the peers' addressing allows it - TODO confirm for this deployment. | ||
| 26 | ! IPsec (phase 2) transform set: ESP with 3DES encryption and MD5 HMAC integrity. | ||
| 27 | crypto ipsec transform-set crypto-set esp-3des esp-md5-hmac | ||
| 28 | ! Crypto map entry 10: peer address, transform set, PFS with DH group 2, the ISAKMP profile, and the ACL that selects the traffic to protect. | ||
| 29 | crypto map vpn 10 ipsec-isakmp | ||
| 30 | set peer <<NetScreen untrust ip address>> | ||
| 31 | set transform-set crypto-set | ||
| 32 | set pfs group2 | ||
| 33 | set isakmp-profile vpn-connection | ||
| 34 | match address VPN-ACL | ||
| 35 | ! Traffic selector: IP traffic from the local range to the remote range, each with wildcard mask 0.0.0.255 (a /24). | ||
| 36 | ip access-list extended VPN-ACL | ||
| 37 | remark VPN Encryption with Main Site | ||
| 38 | permit ip <<local IP Range>> 0.0.0.255 <<Remote IP Range>> 0.0.0.255 | ||
| 39 | ! Apply the crypto map to the external interface. | ||
| 40 | interface <<External Interface>> | ||
| 41 | crypto map vpn | ||
| 42 | |||
| 43 | </verbatim> | ||
| 44 | |||
| 45 | |||
| 46 | NetScreen 5XT Configuration. | ||
| 47 | |||
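| 2 | DanielLawson | 48 | (Mind the line breaks: a trailing \ marks a command that has been wrapped onto the next line here and should be entered as a single line.) |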
| 1 | LindsayDruett | 49 | <verbatim> |
| 50 | set address "Untrust" "<<Remote IP Range>>/255.255.255.0" <<Remote IP Range>> 255.255.255.0 "Remote Site VPN" | ||
| 51 | set ike gateway "<<remote-hostname>>" address 0.0.0.0 id "<<remote-hostname>>@<<domain name>>" \ | ||
| 3 | LindsayDruett | 52 | Aggr outgoing-interface "ethernet3" preshare "<<key>>" proposal "pre-g2-3des-md5" |
| 53 | unset ike gateway "<<remote-hostname>>" nat-traversal | ||
| 54 | set vpn "<<remote-hostname>>" gateway "<<remote-hostname>>" replay tunnel idletime 0 proposal \ | ||
| 55 | "g2-esp-3des-md5" | ||
| 56 | set policy id 9 name "<<remote-hostname>>" from "Untrust" to "home" "<<Remote IP Range>>/255.255.255.0" \ | ||
| 4 | LindsayDruett | 57 | "<<Local IP Range>>/255.255.255.0" "ANY" tunnel vpn "<<remote-hostname>>" id 6 pair-policy 8 |
| 3 | LindsayDruett | 58 | set policy id 8 name "<<remote-hostname>>" from "home" to "Untrust" "<<Local IP Range>>/255.255.255.0" \ |
| 4 | LindsayDruett | 59 | "<<Remote IP Range>>/255.255.255.0" "ANY" tunnel vpn "<<remote-hostname>>" id 6 pair-policy 9 |
| 1 | LindsayDruett | 60 | </verbatim> |