You are the network security administrator for the German company Certkiller Inc. Certkiller Inc. has recently acquired Acme, a small company in another country in Europe, and wants you to start creating a VPN tunnel over the Internet from the outside interface of Certkiller's corporate PIX Firewall to the outside interface of Acme's branch office router using pre-shared keys. IKE has already been enabled on both devices. First configure the pre-shared key on each device and then configure the IKE parameters on each device. Use the following values as necessary:
Parameter                                 Value
policy priority number                    20
encryption algorithm                      3des
hash algorithm                            md5
authentication method                     pre-share
Diffie-Hellman Group ID                   2
SA lifetime                               83000
Pre-shared Key                            my Certkiller
Transform Set Name                        Certkiller set
ISAKMP Identity Type                      IP address
PIX Firewall Outside Interface Address    192.168.1.2
Branch Office Outside Interface           172.26.26.101
Crypto Map Name                           Certkiller map
Netmask                                   255.255.255.0
1. IPSec parameters are not configured, should not be configured, and consequently the tunnel will not be established.
The Router and PIX have been configured with the following specifications:
Acme Branch Office Router
Name: Certkiller 2
E0/0 : 10.2.1.1/24
E0/1 : 172.26.26.101/24
Enable Password: Certkiller
Corporate Office PIX
Name: Certkiller 1
E0 : 192.168.1.2/24
E1 : 10.0.1.1/24
Enable password: Certkiller
Click on the picture of the host connected to a router by a serial console cable.
Explanation:
Router Configuration
Acme(config)# isakmp enable e0/1
Acme(config)# crypto isakmp policy 20
Acme(config-isakmp)# encryption 3des
Acme(config-isakmp)# hash md5
Acme(config-isakmp)# authentication pre-share
Acme(config-isakmp)# group 2
Acme(config-isakmp)# lifetime 83000
Acme(config-isakmp)# crypto isakmp key my Certkiller address 192.168.1.2
PIX Firewall Configuration
Certkiller (config)# isakmp enable outside
Certkiller (config)# isakmp key my Certkiller address 172.26.26.101 netmask 255.255.255.0
Certkiller (config)# isakmp policy 20 authentication pre-share
Certkiller (config)# isakmp policy 20 encryption 3des
Certkiller (config)# isakmp policy 20 hash md5
Certkiller (config)# isakmp policy 20 group 2
Certkiller (config)# isakmp policy 20 lifetime 83000
Ref: Configuring IPSec – Router to PIX
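A pre-deployment check for the two configurations above, as an added example that is not part of the original explanation: it parses the router-style and PIX-style IKE lines and reports why Phase 1 would fail. The function names and sample strings are assumptions built from the parameter table, including one constructed variant with a mistyped peer address.

```python
import re

# Values both peers must agree on; lifetime is parsed but not required to be equal.
MUST_MATCH = ("encryption", "hash", "authentication", "group")
FIELDS = MUST_MATCH + ("lifetime",)

def parse(text):
    """Return ({priority: {field: value}}, {peer_ip: key}) from router or PIX lines."""
    policies, keys, cur = {}, {}, None
    for raw in text.splitlines():
        line = re.sub(r"^.*?\(config[^)]*\)#\s*", "", raw.strip())  # drop CLI prompt
        line = re.sub(r"^crypto\s+", "", line)                      # router prefix
        parts = line.split(None, 1)
        if m := re.match(r"isakmp key (.+?) address (\S+)", line):
            keys[m.group(2)] = m.group(1)
        elif m := re.match(r"isakmp policy (\d+)\s*(.*)", line):
            cur, rest = int(m.group(1)), m.group(2).split(None, 1)
            policies.setdefault(cur, {})
            if len(rest) == 2:                  # PIX one-line form
                policies[cur][rest[0]] = rest[1]
        elif cur is not None and len(parts) == 2 and parts[0] in FIELDS:
            policies[cur][parts[0]] = parts[1]  # router sub-mode form
    return policies, keys

def audit(cfg_a, addr_a, cfg_b, addr_b, prio):
    """List the reasons IKE Phase 1 would fail between peers A and B."""
    (pol_a, key_a), (pol_b, key_b) = parse(cfg_a), parse(cfg_b)
    issues = []
    for f in MUST_MATCH:
        va, vb = pol_a.get(prio, {}).get(f), pol_b.get(prio, {}).get(f)
        if va is None or va != vb:
            issues.append(f"policy {prio} {f}: A={va} B={vb}")
    ka, kb = key_a.get(addr_b), key_b.get(addr_a)
    if ka is None:
        issues.append(f"A has no key for {addr_b}; keyed peers: {sorted(key_a)}")
    if kb is None:
        issues.append(f"B has no key for {addr_a}; keyed peers: {sorted(key_b)}")
    if ka and kb and ka != kb:
        issues.append("pre-shared keys differ")
    return issues

# Constructed sample input built from the parameter table above.
POLICY = "encryption 3des\nhash md5\nauthentication pre-share\ngroup 2\nlifetime 83000\n"
ROUTER = "crypto isakmp policy 20\n" + POLICY + "crypto isakmp key my Certkiller address 192.168.1.2\n"
ROUTER_TYPO = ROUTER.replace("192.168.1.2", "192.164.1.2")  # constructed one-octet slip
PIX = "".join(f"isakmp policy 20 {l}\n" for l in POLICY.splitlines()) + \
      "isakmp key my Certkiller address 172.26.26.101 netmask 255.255.255.0\n"

if __name__ == "__main__":
    print(audit(ROUTER, "172.26.26.101", PIX, "192.168.1.2", 20))
    print(audit(ROUTER_TYPO, "172.26.26.101", PIX, "192.168.1.2", 20))
```

A key statement that names the wrong peer address is reported as a missing key for the real peer, which is the failure a one-octet typo produces.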