Application Notes
SL1000/SL500 VPN with Cisco PIX 501
Version 1.0
Copyright 2006, ASUSTek Computer, Inc.
Revision History

Version   Author      Date
1.0       Martin Su   2006/5/4
Table of Contents

Revision History
Table of Contents
List of Figures
1 Introduction
1 Introduction

This application note details the steps for creating an IPsec VPN tunnel between an ASUS Internet Security Router and a Cisco PIX firewall. It is assumed that both devices have a static IP address on the WAN interface and a default route configured. All settings and screen captures in this document are taken from a Cisco PIX 501 running PIX Firewall Version 6.3(4) and an ASUS SL1000/SL500 running firmware 1.1.72A.410.
2.2.3 Setup Routing Table

pixfirewall(config)# route outside 0.0.0.0 0.0.0.0 10.64.2.145

Figure 2.4 Setup a default route on the PIX firewall

2.3 Setup SL1000/SL500 system

2.3.1 Setup IP address of LAN interface

Figure 2.5 Setup LAN port IP address on the SL1000/SL500

2.3.2 Setup IP address of WAN interface

Figure 2.6 Setup IP address of WAN interface on the SL1000/SL500
Figure 2.7 Verify WAN interface configurations on the SL1000/SL500

2.3.3 Setup Routing Table

Figure 2.8 Setup a default route on the SL1000/SL500

3 Establish VPN Tunnel using Automatic Keying

3.1 Configure VPN Policy on PIX 501

Step 1: Configure access list rule and VPN policy

pixfirewall(config)# access-list SL1000 permit ip 192.168.30.0 255.255.255.0 10.64.3.0 255.255.255.
Figure 3.1 Setup VPN policy on the PIX firewall

Step 2: Verify Configurations

pix-firewall# show config
: Saved
: Written by enable_15 at 14:22:39.654 UTC Thu May 4 2006
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix-firewall
domain-name asus.com

Note: the enable password and Telnet passwd hashes shown above are the PIX factory defaults (an empty enable password and the password "cisco"). Set both to strong values before the firewall is exposed on a production network.
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.10 255.255.255.
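The crypto map and ISAKMP commands behind Figure 3.1 are not reproduced in this copy of the note. The following is an added example of a complete PIX 6.3 site-to-site configuration for this tunnel; it is not taken from the original document or from ASUS. It reuses only the names and addresses the note does show (access list SL1000, crypto map toSL1000, PIX outside address 10.64.2.130, SL1000 WAN address 10.64.2.145, LANs 192.168.30.0/24 and 10.64.3.0/24, the remote mask confirmed by the remote ident line in section 3.3). The IKE and IPsec proposals, lifetimes, the NAT exemption and the pre-shared key are assumptions and must match whatever is entered on the SL1000/SL500; the note's `show crypto ipsec sa` output (IV size 8 bytes) only tells us the ESP cipher in the lab was DES or 3DES.

```cisco
! Added example configuration, not from the original application note.
! Interesting traffic: PIX inside LAN <-> SL1000 LAN (the access list the note names)
access-list SL1000 permit ip 192.168.30.0 255.255.255.0 10.64.3.0 255.255.255.0

! Exempt tunnelled traffic from NAT (assumption: the PIX translates the inside LAN;
! without this the packets are translated before the crypto map sees them)
nat (inside) 0 access-list SL1000

! Let decrypted IPsec traffic bypass the outside interface access list
sysopt connection permit-ipsec

! IKE phase 1 (proposal values are assumptions; they must match the SL1000 policy)
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
! Pre-shared key bound to the SL1000 WAN address only (placeholder key; replace it)
isakmp key EXAMPLE-PSK-change-me address 10.64.2.145 netmask 255.255.255.255

! IKE phase 2: 3DES/SHA transform (AES is also available in 6.3 and is preferable
! where both ends support it); transform-set name is an assumption
crypto ipsec transform-set SL1000-ESP esp-3des esp-sha-hmac
crypto map toSL1000 10 ipsec-isakmp
crypto map toSL1000 10 match address SL1000
crypto map toSL1000 10 set peer 10.64.2.145
crypto map toSL1000 10 set transform-set SL1000-ESP
crypto map toSL1000 interface outside
```

The pre-shared key is tied to the peer address with a host netmask so that no other source can authenticate with it. If phase 1 does not reach QM_IDLE after traffic matching access-list SL1000 is sent, `debug crypto isakmp` on the PIX shows which proposal attribute (encryption, hash, group, lifetime or key) the SL1000 rejected.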
3.2 Configure VPN Policy on SL1000/SL500

Before configuring the VPN, enable the VPN service under System Management -> System Service.

Figure 3.3 Configure VPN policy on the SL1000/SL500
Figure 3.4 Verify VPN configurations on the SL1000/SL500
3.3 Verify VPN Tunnel Establishment

pix-firewall# show crypto isakmp sa
Total     : 1
Embryonic : 0
        dst               src        state     pending     created
    10.64.2.130       10.64.2.145    QM_IDLE         0

pix-firewall# show crypto ipsec sa

interface: outside
    Crypto map tag: toSL1000, local addr. 10.64.2.130

   local  ident (addr/mask/prot/port): (192.168.30.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.64.3.0/255.255.255.0/0/0)
   current_peer: 10.64.2.

     sa timing: remaining key lifetime (k/sec): (74999/3463)
     IV size: 8 bytes
     replay detection support: Y

     outbound ah sas:

     outbound pcp sas:

QM_IDLE means the IKE phase 1 SA with the peer at 10.64.2.145 is established; the local and remote ident lines should match the two subnets in access-list SL1000, and the IV size of 8 bytes shows the ESP cipher negotiated here is DES or 3DES.

Figure 3.5 Verify VPN tunnel establishment on the PIX firewall
Figure 3.6 Verify the VPN tunnel establishment on the SL1000/SL500