PIX - Site-to-Site VPN
CG1NETWORK
March 8, 2026
Site-to-site VPN tunnel
1. Prepare for the VPN service
2. Configure IKE parameters
3. Configure IPSec Parameters
4. Test and verify the tunnels
isakmp enable outside
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 authentication pre-share
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
show isakmp policy
isakmp key CISCO123 address 1.1.2.2
access-list 111 permit ip 10.0.2.0 255.255.255.0 10.0.5.0 255.255.255.0
nat (inside) 0 access-list 111
crypto ipsec transform-set TRANSFORM esp-des
crypto map MAP 10 ipsec-iskmp
crypto map MAP 10 match address 111
crypto map MAP 10 set peer 1.1.2.2
crypto map MAP 10 set transform-set TRANSFORM
crypto map MAP 10 set security-association lifetime seconds 28800
crypto map MAP interface outside
show crypto map
show crypto ipsec transform-set
Discussion in the ATmosphere