!!!Netscreen to Cisco VPN Connection

In this example, Cisco routers (here Cisco 831 and Cisco 837 routers) at remote sites connect to a main site that has a NetScreen 5XT firewall.

Cisco 831/837 router VPN Configuration.

<verbatim>
crypto keyring merope
 pre-shared-key address <<NetScreen untrust ip address>> key <<key>>
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp identity hostname
crypto isakmp profile vpn-connection
 description VPN Connection to Main Site
 keyring merope
 self-identity user-fqdn <<hostname>>@<<domain name>>
 match identity address <<NetScreen untrust ip address>> 255.255.255.255
 initiate mode aggressive
!
!
crypto ipsec transform-set crypto-set esp-3des esp-md5-hmac
!
crypto map vpn 10 ipsec-isakmp
 set peer <<NetScreen untrust ip address>>
 set transform-set crypto-set
 set pfs group2
 set isakmp-profile vpn-connection
 match address VPN-ACL
!
ip access-list extended VPN-ACL
 remark VPN Encryption with Main Site
 permit ip <<local IP Range>> 0.0.0.255 <<Remote IP Range>> 0.0.0.255
!
interface <<External Interface>>
 crypto map vpn
</verbatim>

NetScreen 5XT Configuration.

(mind the line breaks)

<verbatim>
set address "Untrust" "<<Remote IP Range>>/255.255.255.0" <<Remote IP Range>> 255.255.255.0 "Remote Site VPN"
set ike gateway "<<remote-hostname>>" address 0.0.0.0 id "<<remote-hostname>>@<<domain name>>" \
 Aggr outgoing-interface "ethernet3" preshare "<<key>>" proposal "pre-g2-3des-md5"
unset ike gateway "<<remote-hostname>>" nat-traversal
set vpn "<<remote-hostname>>" gateway "<<remote-hostname>>" replay tunnel idletime 0 proposal \
 "g2-esp-3des-md5"
set policy id 9 name "<<remote-hostname>>" from "Untrust" to "home" "<<Remote IP Range>>/255.255.255.0" \
 "<<Local IP Range>>/255.255.255.0" "ANY" tunnel vpn "<<remote-hostname>>" id 6 pair-policy 8
set policy id 8 name "<<remote-hostname>>" from "home" to "Untrust" "<<Local IP Range>>/255.255.255.0" \
 "<<Remote IP Range>>/255.255.255.0" "ANY" tunnel vpn "<<remote-hostname>>" id 6 pair-policy 9
</verbatim>
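
The tunnel only comes up if both peers offer the same Phase 1 and Phase 2 parameters, so the following added example (not part of the original page) renders the Cisco settings as NetScreen-style proposal names and compares them with the names the NetScreen side references. The function names are hypothetical, and the naming pattern is an assumption inferred from the two proposal names used above; it covers the DES/3DES and MD5/SHA names only, since AES key sizes are spelled differently on the two platforms.

```python
import re

# Constructed sample: the crypto-relevant lines of the two configurations above,
# with placeholder names ("gw", "id", "key") standing in for the <<...>> fields.
CISCO = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto ipsec transform-set crypto-set esp-3des esp-md5-hmac
crypto map vpn 10 ipsec-isakmp
 set pfs group2
"""
NETSCREEN = """\
set ike gateway "gw" address 0.0.0.0 id "id" \\
 Aggr outgoing-interface "ethernet3" preshare "key" proposal "pre-g2-3des-md5"
set vpn "gw" gateway "gw" replay tunnel idletime 0 proposal \\
 "g2-esp-3des-md5"
"""

def _grab(pattern, text):
    m = re.search(pattern, text, re.M)
    return m.group(1) if m else "?"   # "?" marks a setting not found in the text

def cisco_proposals(cfg):
    """Render the IOS Phase 1/Phase 2 settings as NetScreen-style proposal names."""
    auth = {"pre-share": "pre", "rsa-sig": "rsa"}.get(_grab(r"^\s*authentication (\S+)", cfg), "?")
    p1 = "-".join([auth, "g" + _grab(r"^\s*group (\d+)", cfg),
                   _grab(r"^\s*encr\S* (\S+)", cfg), _grab(r"^\s*hash (\S+)", cfg)])
    pfs = _grab(r"^\s*set pfs group(\d+)", cfg)
    p2 = "-".join(["nopfs" if pfs == "?" else "g" + pfs, "esp",
                   _grab(r"transform-set \S+ esp-(\S+)", cfg), _grab(r" esp-(\S+)-hmac", cfg)])
    return p1, p2

def netscreen_proposals(cfg):
    """Read the proposal names from 'set ike gateway' (Phase 1) and 'set vpn' (Phase 2)."""
    cfg = cfg.replace("\\\n", " ")    # join the backslash-continued lines first
    return (_grab(r'^set ike gateway .* proposal\s+"([^"]+)"', cfg),
            _grab(r'^set vpn .* proposal\s+"([^"]+)"', cfg))

def mismatches(cisco_cfg, netscreen_cfg):
    """Return one message per phase whose proposals differ between the two peers."""
    pairs = zip(("Phase 1", "Phase 2"), cisco_proposals(cisco_cfg), netscreen_proposals(netscreen_cfg))
    return [f"{phase}: Cisco {c} vs NetScreen {n}" for phase, c, n in pairs if c != n]

if __name__ == "__main__":
    print(mismatches(CISCO, NETSCREEN) or "proposals match")
```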