
Multiple site 2 site VPN


  • Multiple site 2 site VPN

    Dear all,



    I have configured multiple site-to-site VPNs on my Cisco 1841 router.

    The first site-to-site VPN is from my router -----> Checkpoint FW.

    The next is from my router -------> Cisco ASA.


    The problem is that the first IPsec tunnel is working but the second is not working.

    Kindly find the config below.

    ====================


    crypto logging session
    !
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    lifetime 3660
    crypto isakmp key abcd address 1.2.3.4
    crypto isakmp key efgh address 5.6.7.8 no-xauth
    crypto isakmp keepalive 10 3
    !
    crypto ipsec security-association lifetime kilobytes 50000
    crypto ipsec security-association lifetime seconds 3660
    !
    crypto ipsec transform-set ABC esp-3des esp-sha-hmac
    crypto ipsec transform-set ABC2 esp-3des esp-sha-hmac
    !
    crypto map cisco 1 ipsec-isakmp
    description ########## SITE-1 TUNNEL ##########
    set peer 1.2.3.4
    set transform-set ABC
    match address site-1-acl
    crypto map cisco 2 ipsec-isakmp
    description ########## SITE-2 TUNNEL ##########
    set peer 5.6.7.8
    set transform-set ABC2
    match address site-2-acl
    !
    !
    !
    interface FastEthernet0/1
    ip address 11.12.13.14 255.255.255.252
    ip access-group 102 in
    crypto map cisco
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 X.X.X.1
    !
    !
    ip access-list extended site-1-acl
    permit ip 172.16.100.0 0.0.0.255 172.16.32.0 0.0.31.255 log
    permit udp any any
    ip access-list extended site-2-acl
    permit ip host 172.16.100.100 host 192.168.130.21 log
    permit udp any any
    !
    access-list 102 permit udp host 1.2.3.4 host 11.12.13.14 eq non500-isakmp
    access-list 102 permit udp host 1.2.3.4 host 11.12.13.14 eq isakmp
    access-list 102 permit esp host 1.2.3.4 host 11.12.13.14 log
    access-list 102 permit ahp host 1.2.3.4 host 11.12.13.14 log
    access-list 102 permit udp host 5.6.7.8 host 11.12.13.14 eq non500-isakmp
    access-list 102 permit udp host 5.6.7.8 host 11.12.13.14 eq isakmp
    access-list 102 permit esp host 5.6.7.8 host 11.12.13.14 log
    access-list 102 permit ahp host 5.6.7.8 host 11.12.13.14 log
    access-list 102 deny icmp any any log


    ===============

    Kindly help me. Do I need to make any changes in my config?


    Can anyone help me out?
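
Added example, not part of the original post: IOS evaluates crypto map entries in sequence order, and the first entry whose crypto ACL permits a packet selects the peer, so overlapping selectors between entries are worth checking in a multi-peer map. This Python sketch parses the crypto map and crypto ACL lines from the post and lists every overlap between entries; the function names are hypothetical, and ports, deny lines and numbered ACLs are not handled.

```python
import ipaddress
from itertools import combinations

# Crypto map and crypto ACL lines copied from the post; everything else is assumed.
CONFIG = """\
crypto map cisco 1 ipsec-isakmp
 match address site-1-acl
crypto map cisco 2 ipsec-isakmp
 match address site-2-acl
ip access-list extended site-1-acl
 permit ip 172.16.100.0 0.0.0.255 172.16.32.0 0.0.31.255 log
 permit udp any any
ip access-list extended site-2-acl
 permit ip host 172.16.100.100 host 192.168.130.21 log
 permit udp any any
"""

def _addr(tok):
    """Consume one address spec; return ((address, wildcard), remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    return tuple(int(ipaddress.IPv4Address(x)) for x in tok[:2]), tok[2:]

def parse(config):
    """Return [(seq, proto, src, dst, text)]; assumes crypto maps precede the ACLs."""
    seq_of, aces, seq, acl = {}, [], None, None
    for t in map(str.split, config.splitlines()):
        if t[:2] == ["crypto", "map"]:
            seq = int(t[3])
        elif t[:2] == ["match", "address"]:
            seq_of[t[2]] = seq
        elif t[:3] == ["ip", "access-list", "extended"]:
            acl = t[3]
        elif t[:1] == ["permit"] and acl in seq_of:
            src, rest = _addr(t[2:])
            aces.append((seq_of[acl], t[1], src, _addr(rest)[0], " ".join(t)))
    return sorted(aces, key=lambda a: a[0])

def _overlap(a, b):
    # Two (address, wildcard) selectors intersect when every bit fixed in both agrees.
    return ((a[0] ^ b[0]) & ~(a[1] | b[1]) & 0xFFFFFFFF) == 0

def shadowed(config):
    """Pairs (seq, ACE, later seq, later ACE) whose selectors overlap across entries."""
    return [(a[0], a[4], b[0], b[4]) for a, b in combinations(parse(config), 2)
            if a[0] != b[0] and (a[1] == b[1] or "ip" in (a[1], b[1]))
            and _overlap(a[2], b[2]) and _overlap(a[3], b[3])]
```

Calling `shadowed(CONFIG)` returns one tuple per overlap, with the lower-sequence entry first; an empty list means no two crypto map entries can claim the same packet.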