[c-nsp] VPN connection between 7206 and checkpoint
Everton Diniz
notrevebr at gmail.com
Tue Aug 22 17:33:05 EDT 2006
Has anyone a config example of 7206 to do vpn tunnel with a checkpoint
firewall with this requirements?/
VPN encryption scheme: IKE
Authentication Method: Pre-Shared secret
Encapsulation: ESP
Encryption algorithm: AES-256
Data Integrity: SHA1
Diffie-Hellman group (IKE phase 1): Group 2 (1024 bit)
Renegotiate IKE (phase 1): 1440 minutes
Renegotiate IKE (phase 2): 3600 seconds
Supports key exchange for subnets: YES
Perfect Forward Secrecy? NO
Just to make sure for my config.Thats it
crypto isakmp policy 2
authentication pre-share
group 2
crypto isakmp key preshared address <other side>
crypto ipsec transform-set vpn esp-des esp-md5-hmac
crypto map teste 5 ipsec-isakmp
set peer <other side>
set transform-set vpn
match address 117
access-list 117 permit gre host <my side> host <other side>
interface FastEthernet5/1
description OUT
ip address xx.xx.xx.xx xx.xx.xx.xx
load-interval 30
duplex full
no cdp enable
hold-queue 1024 in
hold-queue 256 out
crypto map teste
I know that my current IOS does not supporte AES, but if the crypto was DES,
the config it was OK??
Tks in advance,
Everton
More information about the cisco-nsp
mailing list