
CCIE Security Practice Labs by Fahim Hussain Yusuf Bhaiji


Section 5.0: IPSec/PPTP Configuration

5.1. IPSec LAN-to-LAN Router-to-VPN3000

  1. Configure a LAN-to-LAN IPSec tunnel between R2 and the VPN3000 concentrator.

  2. The VPN3000 concentrator is behind R1. Configure the default route to R1.

  3. Configure Loopback1 on R2 with 192.168.2.1/24.

  4. The IPSec tunnel must protect traffic between the VPN3000 concentrator network 172.16.1.0/24 and the R2 network 172.16.2.0/24.

  5. Configure pre-shared key authentication, with all other parameters as appropriate.

  6. The tricky part is that the VPN3000 concentrator should not peer with R2 using R2's IP address 175.1.2.2.

  7. You need to configure bidirectional NAT on the PIX to translate R2's IP address 175.1.2.2 to an IP address in VLAN3:

    pixfirewall(config)# show static
    static (inside,outside) 175.1.2.5 10.1.1.1 netmask 255.255.255.255 ...
