I must configure a VPN tunnel between a Cisco router (IOS VPN) and a NetScreen firewall.
For the Cisco, here is the configuration:
I am confused about the access-list in my example: must I use the private network range for source and destination, or the public addresses of the two firewalls? Is my access-list right?
10.12.0.1/16--|CISCO_Router|--172.16.0.1/16--| Internet |--|172.17.0.0/16|--Netscreen--10.11.0.1/16
crypto isakmp policy 11
 hash md5
 authentication pre-share
 group 2
crypto isakmp key [shared key] address 172.17.0.1
!
!
crypto ipsec transform-set VPN esp-des esp-sha-hmac
!
crypto map any_name1 11 ipsec-isakmp
 set peer 172.17.0.1
 set transform-set any_name
 match address 120
int f0
 crypto map VPN
access-list 120 permit ip 10.12.0.1 255.255.0.0 10.11.0.0 255.255.0.0
Must I use the IP of the external interface of the two firewalls?
CCNA
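
Added example (not part of the original post): on IOS the crypto ACL selects the traffic to protect, so it matches the private networks behind each gateway and takes wildcard masks, while the public addresses appear only in the peer and pre-shared-key statements. The sketch reuses the post's addresses and proposals; treating f0 as the Internet-facing interface and using the single name VPN for both the crypto map and the transform set are assumptions.

```cisco
! Added example, not the poster's configuration.
! Phase 1: proposals kept as posted so they match whatever the peer offers.
! MD5 and DES are legacy choices; stronger values work only if the
! NetScreen side is changed to the same ones.
crypto isakmp policy 11
 hash md5
 authentication pre-share
 group 2
! The public (outside) address of the remote gateway is used here ...
crypto isakmp key [shared key] address 172.17.0.1
!
crypto ipsec transform-set VPN esp-des esp-sha-hmac
!
! The map name must be the one applied to the interface, and the
! transform set named here must be the one defined above.
crypto map VPN 11 ipsec-isakmp
 ! ... and here, as the tunnel endpoint.
 set peer 172.17.0.1
 set transform-set VPN
 match address 120
!
! Assumption: f0 is the interface facing the Internet (172.16.0.1).
interface f0
 crypto map VPN
!
! As posted (host address as source, subnet masks instead of wildcards):
!   access-list 120 permit ip 10.12.0.1 255.255.0.0 10.11.0.0 255.255.0.0
! Corrected: local private network to remote private network,
! written with wildcard (inverse) masks.
access-list 120 permit ip 10.12.0.0 0.0.255.255 10.11.0.0 0.0.255.255
```

The NetScreen side needs the mirror image of this selector (local 10.11.0.0/16, remote 10.12.0.0/16) and the same proposals and pre-shared key, otherwise phase 2 will not come up.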