PIX - Site-to-Site VPN

Cisco PIX Firewall

Site-to-site VPN tunnel

  1. Prepare for the VPN service
  2. Configure IKE parameters
  3. Configure IPSec Parameters
  4. Test and verify the tunnels

isakmp enable outside
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 authentication pre-share
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400

show isakmp policy

isakmp key CISCO123 address 1.1.2.2

access-list 111 permit ip 10.0.2.0 255.255.255.0 10.0.5.0 255.255.255.0
nat (inside) 0 access-list 111

crypto ipsec transform-set TRANSFORM esp-des
crypto map MAP 10 ipsec-isakmp
crypto map MAP 10 match address 111
crypto map MAP 10 set peer 1.1.2.2
crypto map MAP 10 set transform-set TRANSFORM
crypto map MAP 10 set security-association lifetime seconds 28800

crypto map MAP interface outside

show crypto map
show crypto ipsec transform-set
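
The policy and transform set above use DES, Diffie-Hellman group 1, an ESP transform with no integrity check, and a short pre-shared key. The Python check below is an added example, not part of the original notes; it flags those settings in a PIX configuration. The rule ids and the 16-character key threshold are assumptions of the example.

```python
import re

# IKE/IPSec lines from this page (keyword spelled ipsec-isakmp).
PAGE_CONFIG = """\
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 authentication pre-share
isakmp policy 10 group 1
isakmp key CISCO123 address 1.1.2.2
crypto ipsec transform-set TRANSFORM esp-des
crypto map MAP 10 ipsec-isakmp
crypto map MAP 10 match address 111
crypto map MAP 10 set peer 1.1.2.2
crypto map MAP 10 set transform-set TRANSFORM
"""

# (rule id, pattern, reason); rule ids are this example's own labels.
RULES = [
    ("ike-des", r"^isakmp policy \d+ encryption des$", "IKE uses 56-bit DES"),
    ("ike-dh1", r"^isakmp policy \d+ group 1$", "IKE uses 768-bit DH group 1"),
    ("ike-md5", r"^isakmp policy \d+ hash md5$", "IKE uses MD5"),
    ("esp-des", r"^crypto ipsec transform-set \S+ .*\besp-des\b", "ESP uses 56-bit DES"),
]
ESP_AUTH = ("esp-sha-hmac", "esp-md5-hmac", "ah-sha-hmac", "ah-md5-hmac")
MIN_PSK_LEN = 16  # assumed threshold for this example, not a PIX limit

def audit(config):
    """Return (rule id, line number, reason) findings; line 0 = whole config."""
    findings = []
    lines = [" ".join(l.split()) for l in config.splitlines() if l.strip()]
    for n, line in enumerate(lines, 1):
        for rule, pattern, reason in RULES:
            if re.search(pattern, line):
                findings.append((rule, n, reason))
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)", line)
        if m and not any(t in m.group(2).split() for t in ESP_AUTH):
            findings.append(("esp-no-auth", n, f"transform set {m.group(1)} has no integrity transform"))
        m = re.match(r"isakmp key (\S+) address", line)
        if m and len(m.group(1)) < MIN_PSK_LEN:
            findings.append(("short-psk", n, "pre-shared key is short"))
    # PFS is off unless the crypto map entry carries a "set pfs" line.
    maps = {m.group(1) for l in lines if (m := re.match(r"crypto map (\S+ \d+) ipsec-isakmp", l))}
    pfs = {m.group(1) for l in lines if (m := re.match(r"crypto map (\S+ \d+) set pfs", l))}
    for entry in sorted(maps - pfs):
        findings.append(("no-pfs", 0, f"crypto map {entry} does not set pfs"))
    return findings

if __name__ == "__main__":
    print(*audit(PAGE_CONFIG), sep="\n")
```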