Hi corness, Thanks fer your earlier replies....
My setup is as follows:

pvt network-----Router----Internet-----Pix----pvt network

I want to do a VPN between the private networks using IPsec. I am concerned with the router side. The s0 (10.1.0.1/24) of the router is connected to the pvt network and e0 (210.11.3.1/24) to the internet. I do the following on my router:

    access-list 101 permit 10.1.0.0 255.255.255.0 172.1.0.0 255.255.255.255
    crypto ipsec transform-set set1 esp-des esp-sha-hmac
    crypto map vpn 10 ipsec-isakmp
    crypto map vpn 10 match-address 101
    crypto map vpn set peer 210.14.7.2
    crypto map vpn set transform-set set1
    isakmp enable e0
    isakmp policy 20
    isakmp policy 20 encryption des
    isakmp policy 20 hash md5
    isakmp policy 20 authentication rsa-sig
    isakmp policy 20 group 1
    interface e0
    crypto map vpn

--------------------------------------------------------------------

My questions:

1) What kind of static route should I add? (I want only 10.1.0.0 to talk to 172.1.0.0 and vice versa using the VPN. Rest all denied.)

2) Do I need this if I don't use NAT on my router?

    route-map nonat permit 10
    match ip address 130

3) Will this access list help me with security (i.e., except for 172.1.0.0, all other networks cannot reach the pvt network)?

    access_list 140 permit ip 172.1.0.0 0.0.0.0 any
    access_list 140 deny ip any any
    acl_group 140 e0 out

cheers
Ramesh

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28256&t=21120

