Manual:IP/IPsec: Difference between revisions

Revision as of 10:12, 19 February 2008

IPsec between MikroTik and Cisco PIX in tunnel mode

On Cisco PIX firewall:

access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list 101
!
sysopt connection permit-ipsec
!
crypto ipsec transform-set MySet esp-3des esp-sha-hmac 
!
crypto map MyMap 1 ipsec-isakmp
crypto map MyMap 1 match address 101
crypto map MyMap 1 set peer 10.11.0.2
crypto map MyMap 1 set transform-set MySet
crypto map MyMap 10 set security-association lifetime seconds 86400
crypto map MyMap interface outside
!
isakmp enable outside
isakmp key gsdhg%#@&$*&#$U782GY#JG#HJ1231 address 10.11.0.2 netmask 255.255.255.255 
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400

On MikroTik router:

/ip ipsec peer add secret="gsdhg%#@&$*&#$U782GY#JG#HJ1231" address=10.11.0.2/32 \
\... enc-algorithm=3des hash-algorithm=sha1 dh-group=modp1024 lifetime=1d
/ip ipsec proposal add auth-algorithms=sha1 enc-algorithm=3des lifetime=1d
/ip ipsec policy add src-address 192.168.1.0/24 dst-address=192.168.0.0/24 \
\... sa-src-address=10.0.0.1 sa-dst-address=10.11.0.2 ipsec-protocols=esp action=encrypt level=require tunnel=yes

Manual:IP/IPsec: Difference between revisions

Revision as of 10:12, 19 February 2008

IPsec between MikroTik and Cisco PIX in tunnel mode

Navigation menu

Search