Question : LANtoLAN VPN Between PIX 515 and Non Cisco Devices
Currently, our remote users use a Cisco VPN client to access our main office via DSL. The VPN sessions are terminated at a Cisco PIX 515. Now we are interested in a LAN-to-LAN VPN. We want the VPN session to be up and running 24 hours a day. Is there any device that can accomplish this with the PIX 515 as the termination point? If so, which device? Since each remote location has 1 user, we don't need a high-scale device.
Please advise.
Thank you.
Answer : LANtoLAN VPN Between PIX 515 and Non Cisco Devices
Not a specific link, but I can show you mine that I know works.
access-list outside_cryptomap_40 permit ip 172.16.0.0 255.255.0.0 192.168.122.128 255.255.255.128
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map CRYMAP 40 ipsec-isakmp
crypto map CRYMAP 40 match address outside_cryptomap_40
crypto map CRYMAP 40 set peer xx.xx.255.42   <== my Linksys WAN IP
crypto map CRYMAP 40 set transform-set ESP-3DES-SHA
crypto map CRYMAP interface outside
isakmp enable outside
isakmp key ******** address xx.xx.255.42 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 3600
On my Linksys, Security, VPN page, I simply choose the same settings. The ISAKMP key is pre-shared, the keys match, and the encryption policy for both phase 1 and phase 2 is 3DES/SHA. The web page is pretty self-explanatory except for the "group 2". It has a "group" choice, but it's not 1 or 2. Choose "1024".
DH Group 1 = 768 bit
DH Group 2 = 1024 bit
DH Group 5 = 1536 bit (usually only used with AES vs DES)
The exact model I'm using is a Linksys WRV54G (I need the wireless). I have three independent VPNs to two different PIXes.
If you have multiple peers, just keep adding for each peer:
access-list outside_cryptomap_50 permit ip 172.16.0.0 255.255.0.0 192.168.xx.0 255.255.255.0
crypto map CRYMAP 50 ipsec-isakmp
crypto map CRYMAP 50 match address outside_cryptomap_50
crypto map CRYMAP 50 set peer xx.xx.xx.xx   <== Peer #2
crypto map CRYMAP 50 set transform-set ESP-3DES-SHA
crypto map CRYMAP interface outside   <== always re-apply the map after any changes
isakmp key ******** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
access-list outside_cryptomap_60 permit ip 172.16.0.0 255.255.0.0 192.168.xx.0 255.255.255.0
crypto map CRYMAP 60 ipsec-isakmp   <== new sequence number per peer; reusing 50 would overwrite Peer #2's entry
crypto map CRYMAP 60 match address outside_cryptomap_60
crypto map CRYMAP 60 set peer xx.xx.xx.xx   <== Peer #3
crypto map CRYMAP 60 set transform-set ESP-3DES-SHA
crypto map CRYMAP interface outside   <== always re-apply the map after any changes
isakmp key ******** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
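The per-peer pattern in the answer above (one ACL, one crypto map entry with its own sequence number, one ISAKMP key per remote site, then re-apply the map) can be generated rather than hand-copied, which also catches the copy-paste mistake of reusing a sequence number. The following is an added example and not code from the original answer: it emits the PIX-side configuration for several non-Cisco peers, using the crypto map name CRYMAP, transform set ESP-3DES-SHA, ACL naming scheme and ISAKMP policy values from the answer, and maps the Linksys "1024" style Diffie-Hellman choice back to the PIX group number. The peer addresses, remote networks and pre-shared keys are constructed sample values.

```python
"""Added example: build the PIX LAN-to-LAN config for N non-Cisco peers.

Crypto map name, transform set, ACL naming and ISAKMP policy values are
taken from the answer above; peers, networks and keys are constructed.
"""
import ipaddress
from dataclasses import dataclass

# The Linksys VPN page labels the DH group by modulus size; the PIX
# "isakmp policy ... group" command wants the group number.
DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536}


@dataclass(frozen=True)
class Peer:
    seq: int          # crypto map sequence number, unique per peer
    wan_ip: str       # remote device's public address (sample value)
    remote_net: str   # remote LAN behind it, in CIDR (sample value)
    psk: str          # pre-shared key; must match on the remote side


def dh_group_for_bits(bits):
    """Map a modulus size such as 1024 to the PIX ISAKMP group number."""
    for group, size in DH_GROUP_BITS.items():
        if size == bits:
            return group
    raise ValueError(f"no ISAKMP DH group with a {bits}-bit modulus")


def pix_subnet(cidr):
    """PIX ACLs take 'network mask', not CIDR notation."""
    net = ipaddress.ip_network(cidr, strict=True)
    return f"{net.network_address} {net.netmask}"


def render_peer(local_net, peer, map_name="CRYMAP", transform="ESP-3DES-SHA"):
    """One ACL, one crypto map entry and one ISAKMP key, as in the answer."""
    acl = f"outside_cryptomap_{peer.seq}"
    return [
        f"access-list {acl} permit ip {pix_subnet(local_net)} {pix_subnet(peer.remote_net)}",
        f"crypto map {map_name} {peer.seq} ipsec-isakmp",
        f"crypto map {map_name} {peer.seq} match address {acl}",
        f"crypto map {map_name} {peer.seq} set peer {peer.wan_ip}",
        f"crypto map {map_name} {peer.seq} set transform-set {transform}",
        f"isakmp key {peer.psk} address {peer.wan_ip} netmask 255.255.255.255 no-xauth no-config-mode",
    ]


def validate_peers(local_net, peers):
    """Return a list of problems that would silently break an existing tunnel."""
    local = ipaddress.ip_network(local_net)
    problems, seen_seq, seen_ip = [], set(), set()
    for p in peers:
        if p.seq in seen_seq:
            problems.append(f"sequence {p.seq} used twice; the later entry replaces the earlier peer")
        if p.wan_ip in seen_ip:
            problems.append(f"peer {p.wan_ip} listed twice")
        if ipaddress.ip_network(p.remote_net).overlaps(local):
            problems.append(f"{p.remote_net} overlaps the local LAN {local_net}")
        seen_seq.add(p.seq)
        seen_ip.add(p.wan_ip)
    return problems


def render_config(local_net, peers, map_name="CRYMAP", transform="ESP-3DES-SHA", dh_bits=1024):
    """Global settings once, one block per peer, then apply the map last."""
    problems = validate_peers(local_net, peers)
    if problems:
        raise ValueError("; ".join(problems))
    lines = [f"crypto ipsec transform-set {transform} esp-3des esp-sha-hmac"]
    for p in sorted(peers, key=lambda p: p.seq):
        lines += render_peer(local_net, p, map_name, transform)
    lines += [
        f"crypto map {map_name} interface outside",  # re-apply after every change
        "isakmp enable outside",
        "isakmp identity address",
        "isakmp policy 20 authentication pre-share",
        "isakmp policy 20 encryption 3des",
        "isakmp policy 20 hash sha",
        f"isakmp policy 20 group {dh_group_for_bits(dh_bits)}",
        "isakmp policy 20 lifetime 3600",
    ]
    return lines


# Constructed sample: one PIX, three single-user remote sites.
SAMPLE_PEERS = [
    Peer(40, "198.51.100.42", "192.168.122.128/25", "psk-site-a"),
    Peer(50, "198.51.100.77", "192.168.50.0/24", "psk-site-b"),
    Peer(60, "198.51.100.91", "192.168.60.0/24", "psk-site-c"),
]

if __name__ == "__main__":
    print("\n".join(render_config("172.16.0.0/16", SAMPLE_PEERS)))
```

The validation step is the point: with the answer's scheme every peer needs its own sequence number and its own ACL, and a second `crypto map CRYMAP 50` line for a new peer replaces the first peer's entry rather than adding to it, so the generator refuses to emit such a config.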