[c-nsp] VPN connection between 7206 and checkpoint
Everton Diniz
notrevebr at gmail.com
Wed Aug 23 10:55:13 EDT 2006
Hiii guysss.,,,
Anyone???
Regards,
Everton
On 8/22/06, Everton Diniz <notrevebr at gmail.com> wrote:
>
> Has anyone a config example of 7206 to do vpn tunnel with a checkpoint
> firewall with this requirements?/
>
> VPN encryption scheme: IKE
> Authentication Method: Pre-Shared secret
> Encapsulation: ESP
> Encryption algorithm: AES-256
> Data Integrity: SHA1
> Diffie-Hellman group (IKE phase 1): Group 2 (1024 bit)
> Renegotiate IKE (phase 1): 1440 minutes
> Renegotiate IKE (phase 2): 3600 seconds
> Supports key exchange for subnets: YES
> Perfect Forward Secrecy? NO
>
>
> Just to make sure for my config.Thats it
> crypto isakmp policy 2
> authentication pre-share
> group 2
>
> crypto isakmp key preshared address <other side>
>
> crypto ipsec transform-set vpn esp-des esp-md5-hmac
>
> crypto map teste 5 ipsec-isakmp
> set peer <other side>
> set transform-set vpn
> match address 117
>
> access-list 117 permit gre host <my side> host <other side>
>
> interface FastEthernet5/1
> description OUT
> ip address xx.xx.xx.xx xx.xx.xx.xx
> load-interval 30
> duplex full
> no cdp enable
> hold-queue 1024 in
> hold-queue 256 out
> crypto map teste
> I know that my current IOS does not supporte AES, but if the crypto was
> DES, the config it was OK??
>
>
> Tks in advance,
>
> Everton
>
More information about the cisco-nsp
mailing list