Creating a VPN to another PIX

Status
Not open for further replies.

johnnyBravo1

IS-IT--Management
Mar 16, 2004
60
US
This is an email that I received from another business to create a VPN to their PIX firewall. Can anyone make sense of this? Much appreciated.

We can use either one of these policies or I can create a new one if you want to use SHA…

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 lifetime 84000
!
crypto isakmp policy 2
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto ipsec transform-set standard esp-3des esp-md5-hmac
crypto map FA0/1 8 ipsec-isakmp
 set peer 68.x.x.x
 set transform-set standard
 match address CPMS
crypto isakmp key (will share over phone) address 68.x.x.x

This is a copy of the access list that I currently have on my firewall between Business1 and Business2. These are the subnets you’ll need to route back to me.

ip access-list extended CPMS
 permit ip 172.27.207.224 255.255.255.240 host 10.202.82.34

 
What has been sent to you is pretty much straight PIX VPN config commands. As long as your end uses the same standards for configuring the tunnel, you should be in good shape. Just make sure that the ACL at your end matches theirs (with source/dest flipped) or the tunnel won't come up. To decode: they want to use IPsec and ISAKMP, 3DES for encryption, MD5 for the hash, a pre-shared key, a lifetime of just under 1 day (84000 seconds), and Diffie-Hellman group 2. On your end, you will set the peer to be their PIX outside IP address; they will set the peer on their end to point to your device.

I hope this helps!
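
The mirrored-ACL requirement from the reply above, as an added example that is not part of the original thread: a Python check that parses both ends' crypto ACLs and reports any entry with no source/destination-flipped counterpart. The local PIX-style ACL lines and all function names are assumptions made for illustration; masks are read as netmasks, as written in the e-mailed ACL.

```python
import ipaddress

# Remote end's ACL, copied from the e-mail quoted in the thread.
THEIR_ACL = """
ip access-list extended CPMS
 permit ip 172.27.207.224 255.255.255.240 host 10.202.82.34
"""
# Constructed local ACLs (assumed PIX-style syntax): one flipped, one not.
OUR_ACL_OK = "access-list CPMS permit ip host 10.202.82.34 172.27.207.224 255.255.255.240"
OUR_ACL_WRONG = "access-list CPMS permit ip 172.27.207.224 255.255.255.240 host 10.202.82.34"

def take_addr(tokens):
    """Consume one address spec (host A | any | A MASK); return (network, rest)."""
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    # Netmask form; a network address with host bits set raises ValueError.
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_crypto_acl(text):
    """Return the set of (protocol, source, destination) permit entries."""
    entries = set()
    for line in text.splitlines():
        tokens = line.split()
        if "permit" not in tokens:
            continue  # skips the ACL header line and blank lines
        tokens = tokens[tokens.index("permit") + 1:]
        proto, tokens = tokens[0], tokens[1:]
        src, tokens = take_addr(tokens)
        dst, _ = take_addr(tokens)
        entries.add((proto, src, dst))
    return entries

def mirror_mismatches(their_acl, our_acl):
    """Compare their ACL with ours after flipping our source and destination."""
    theirs = parse_crypto_acl(their_acl)
    flipped = {(p, d, s) for p, s, d in parse_crypto_acl(our_acl)}
    return {"missing_on_our_side": theirs - flipped,
            "extra_on_our_side": flipped - theirs}

if __name__ == "__main__":
    for name, acl in (("flipped", OUR_ACL_OK), ("not flipped", OUR_ACL_WRONG)):
        result = mirror_mismatches(THEIR_ACL, acl)
        status = "mirrors theirs" if not any(result.values()) else f"MISMATCH {result}"
        print(f"{name}: {status}")
```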