[c-nsp] VPN between cisco and checkpoint

Everton Diniz notrevebr at gmail.com
Fri Aug 25 10:03:48 EDT 2006


Does anyone work with this? Does anyone have the same problem?

Tks,

Everton

On 8/24/06, Everton Diniz <notrevebr at gmail.com> wrote:
>
> I did this config on Cisco; I'm trying to establish a VPN with Checkpoint.
>
> The tunnel is OK, but I don't get the return traffic. I see that packets
> arrive on my router, but apparently they are not returning to the source
> (198.x and 157.x).
>
> Any ideas??
>
> Regards,
> Everton
>
>
> Look at the config:
> >
> > crypto isakmp policy 2
> >  encr 3des
> >  authentication pre-share
> >  group 2
> > crypto isakmp key vpn address 198.87.xx.xx
> > crypto isakmp key vpn address 157.238.xx.xx
> >
> > crypto ipsec transform-set vpn esp-3des esp-sha-hmac
> > !
> > crypto map vpn 2 ipsec-isakmp
> >  set peer 198.87.49.254
> >  set peer 157.238.185.130
> >  set transform-set veraz
> >  match address 117
> >
> > sh ip access-lists
> > Extended IP access list 117
> >     permit ip host 208.48.xx.xx 198.87.xx.xx 0.0.0.31 (22 matches)
> >     permit ip host 208.48.xx.xx 157.238.xx.xx 0.0.0.31
> >     permit gre host 208.48.xx.xx host 198.87.xx.xx
> >     permit gre host 208.48.xx.xx host 157.238.xx.xx
> >     permit gre host 208.48.xx.xx host 157.238.xx.xx
> >     permit gre host 208.48.xx.xx host 198.87.xx.xx
> >     permit udp host 208.48.xx.xx host 198.87.xx.xx eq isakmp (13 matches)
> >     permit udp host 208.48.xx.xx host 157.238.xx.xx. eq isakmp (13 matches)
> >     permit udp host 208.48.xx.xx host 157.238.xx.xx eq isakmp (196 matches)
> >     permit udp host 208.48.xx.xx host 198.87.xx.xx eq isakmp (208 matches)
> >     permit tcp host 208.48.xx.xx host 198.87.xx.xx eq 500
> >     permit tcp host 208.48.xx.xx host 157.238.xx.xx eq 500
> >     permit tcp host 208.48.xx.xx host 157.238.xx.xx eq 500
> >     permit tcp host 208.48.xx.xx host 198.87.xx.xx eq 500
> >     permit ip 10.90.0.0 0.0.0.255 host 198.87.xx.xx
> >     permit ip 10.90.1.0 0.0.0.255 host 198.87.xx.xx
> >     permit ip 10.90.2.0 0.0.0.31 host 198.87.xx.xx (8 matches)
> >     permit ip 10.90.2.32 0.0.0.31 host 198.87.xx.xx
> >     permit ip 10.90.2.64 0.0.0.31 host 198.87.xx.xx
> >     permit ip 10.90.3.0 0.0.0.31 host 198.87.xx.xx
> >     permit ip 10.90.3.32 0.0.0.31 host 198.87.xx.xx
> >     permit ip 10.90.3.64 0.0.0.31 host 198.87.xx.xx
> >     permit ip 10.90.0.0 0.0.0.255 host 157.238.xx.xx
> >     permit ip 10.90.1.0 0.0.0.255 host 157.238.xx.xx
> >     permit ip 10.90.2.0 0.0.0.31 host 157.238.xx.xx
> >     permit ip 10.90.2.32 0.0.0.31 host 157.238.xx.xx
> >     permit ip 10.90.2.64 0.0.0.31 host 157.238.xx.xx
> >     permit ip 10.90.3.0 0.0.0.31 host 157.238.xx.xx
> >     permit ip 10.90.3.32 0.0.0.31 host 157.238.xx.xx
> >     permit ip 10.90.3.64 0.0.0.31 host 157.238.xx.xx
> >     permit ip 10.90.0.0 0.0.0.255 198.87.xx.xx 0.0.0.31
> >     permit ip 10.90.1.0 0.0.0.255 198.87.xx.xx 0.0.0.31
> >     permit ip 10.90.2.0 0.0.0.31 198.87.xx.xx 0.0.0.31 (87 matches)
> >     permit ip 10.90.2.32 0.0.0.31 198.87.xx.xx 0.0.0.31
> >     permit ip 10.90.2.64 0.0.0.31 198.87.xx.xx 0.0.0.31
> >     permit ip 10.90.3.0 0.0.0.31 198.87.4xx.xx 0.0.0.31
> >     permit ip 10.90.3.32 0.0.0.31 198.87.xx.xx 0.0.0.31
> >     permit ip 10.90.0.0 0.0.0.255 157.238.xx.xx 0.0.0.31
> >     permit ip 10.90.1.0 0.0.0.255 157.238.xx.xx 0.0.0.31
> >     permit ip 10.90.2.0 0.0.0.31 157.238.xx.xx 0.0.0.31 (27 matches)
> >     permit ip 10.90.2.32 0.0.0.31 157.238.xx.xx 0.0.0.31
> >     permit ip 10.90.2.64 0.0.0.31 157.238.xx.xx 0.0.0.31
> >     permit ip 10.90.3.0 0.0.0.31 157.238.xx.xx 0.0.0.31
> >     permit ip 10.90.3.0 0.0.0.255 157.238.xx.xx 0.0.0.31
> >
> >
> > #sh crypto isakmp sa
> > dst             src             state          conn-id   slot
> > 157.238.xx.xx   208.48.xx.xx    MM_NO_STATE       36      0   (deleted)
> > 208.48.xx.xx    157.238.xx.xx   QM_IDLE           2       0
> > 198.87.xx.xx    208.48.xx.xx    MM_KEY_EXCH       37      0
> > 208.48.xx.xx    198.87.xx.xx    QM_IDLE           1       0
> >