Manual:IP/IPsec

From MikroTik Wiki
< Manual:IP
Revision as of 08:09, 19 February 2008 by Eep (talk | contribs) (Protected "IPsec": will be in manual [edit=sysop:move=sysop])
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

IPsec between MikroTik and Cisco PIX in tunnel mode

  • On Cisco PIX firewall:
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list 101
!
sysopt connection permit-ipsec
!
crypto ipsec transform-set MySet esp-3des esp-sha-hmac 
!
crypto map MyMap 1 ipsec-isakmp
crypto map MyMap 1 match address 101
crypto map MyMap 1 set peer 10.11.0.2
crypto map MyMap 1 set transform-set MySet
crypto map MyMap 10 set security-association lifetime seconds 86400
crypto map MyMap interface outside
!
isakmp enable outside
isakmp key gsdhg%#@