
Cisco – Short Crypto PIX Commands

May 18, 2013

PIX IPSEC Commands

isakmp enable interface-name

isakmp policy policy-number authentication pre-share

isakmp policy policy-number encryption 3des

isakmp policy policy-number hash md5

isakmp policy policy-number group 1

isakmp policy policy-number lifetime 1000

crypto ipsec transform-set set-name esp-3des esp-md5-hmac

crypto map name priority set peer peer-address

crypto map name priority set transform-set set-name

access-list name/number permit ip local-network mask remote-network mask

crypto map name priority match address access-list

crypto map name interface interface-name

domain-name domain-name

ca generate rsa key 1024

ca save all

crypto map name priority ipsec-isakmp

crypto map name priority set peer peer-address
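
The commands above refer to each other by name (transform set, access list, crypto map, interface), and a mistyped name leaves the crypto map entry incomplete. The following Python script is an added example, not part of the original page: it checks a PIX-style configuration for such dangling references and flags the legacy parameters MD5, DH group 1 and single DES. The sample configuration, its names, priority and addresses are constructed for illustration.

```python
# Constructed sample: names, priority and addresses are made up; "102" is a deliberate typo for ACL 101.
SAMPLE = """\
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000
crypto ipsec transform-set VPNSET esp-3des esp-md5-hmac
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto map VPNMAP 10 ipsec-isakmp
crypto map VPNMAP 10 set peer 192.0.2.2
crypto map VPNMAP 10 set transform-set VPNSET
crypto map VPNMAP 10 match address 102
crypto map VPNMAP interface outside
"""
WEAK_IKE = {("hash", "md5"), ("group", "1"), ("encryption", "des")}
WEAK_ESP = {"esp-des", "esp-md5-hmac", "esp-null"}

def audit(config):
    """Return a list of findings for a PIX-style IPsec configuration."""
    out, tsets, acls, bound, ike_on = [], set(), set(), set(), False
    entries = {}  # (map name, priority) -> settings seen for that entry
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["isakmp", "enable"]:
            ike_on = True
        elif w[:2] == ["isakmp", "policy"] and tuple(w[3:5]) in WEAK_IKE:
            out.append(f"isakmp policy {w[2]}: weak {w[3]} {w[4]}")
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 3:
            tsets.add(w[3])
            out += [f"transform-set {w[3]}: weak {t}" for t in w[4:] if t in WEAK_ESP]
        elif w[:1] == ["access-list"] and len(w) > 1:
            acls.add(w[1])
        elif w[:2] == ["crypto", "map"] and len(w) == 5 and w[3] == "interface":
            bound.add(w[2])
        elif w[:2] == ["crypto", "map"] and len(w) >= 5:
            entry = entries.setdefault((w[2], w[3]), {})
            if w[4] in ("set", "match") and len(w) >= 7:
                entry[w[5]] = w[6]  # keys: peer, transform-set, address
    if entries and not ike_on:
        out.append("isakmp is not enabled on any interface")
    for (name, pri), e in sorted(entries.items()):
        tag = f"crypto map {name} {pri}"
        checks = [("peer" in e, "no peer set"),
                  (e.get("transform-set") in tsets, f"transform-set {e.get('transform-set')} not defined"),
                  (e.get("address") in acls, f"access-list {e.get('address')} not defined"),
                  (name in bound, "map not applied to an interface")]
        out += [f"{tag}: {msg}" for ok, msg in checks if not ok]
    return out
```

Calling audit(SAMPLE) returns four findings: the MD5 hash and group 1 in the IKE policy, esp-md5-hmac in the transform set, and the reference to the undefined access list 102.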

PIX Show Commands

show crypto map

show crypto map – shows all current IKE SAs at a peer

show crypto isakmp sa

show crypto ipsec sa – displays encrypted sessions

debug crypto commands

debug crypto isa

debug crypto engine – displays debug messages about crypto engines, which perform encryption and decryption

debug crypto isakmp – displays messages about IKE events

clear crypto commands

clear crypto ipsec sa – to reset the IPsec association after a failed attempt to negotiate a VPN tunnel.

clear crypto isakmp sa – to reset the Internet Security Association and Key Management Protocol (ISAKMP) security association after failed attempts to negotiate a VPN tunnel

www.bestitdocuments.com